Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ccsetup624.exe

Overview

General Information

Sample name:ccsetup624.exe
Analysis ID:1447672
MD5:0da9ad07601568f130fcd4cbfdf2206b
SHA1:74e481c5e55dd3b2c8d82c9212cc9dd45e0f14dc
SHA256:fbd6bd7103fd037253085761546887cf93657bca9fb812980ab64acf32624a72
Infos:

Detection

Score:40
Range:0 - 100
Whitelisted:false
Confidence:100%

Compliance

Score:49
Range:0 - 100

Signatures

Yara detected AntiVM3
Contains functionality to infect the boot sector
Disables Windows system restore
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queries disk data (e.g. SMART data)
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Connects to many different domains
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to communicate with device drivers
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (may stop execution after accessing registry keys)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains executable resources (Code or Archives)
PE file does not import any functions
Queries disk information (often used to detect virtual machines)
Queries information about the installed CPU (vendor, model number etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses the system / local time for branch decision (may execute only at specific dates)

Classification

Process Tree

  • System is w10x64native
  • ccsetup624.exe (PID: 8500 cmdline: "C:\Users\user\Desktop\ccsetup624.exe" MD5: 0DA9AD07601568F130FCD4CBFDF2206B)
    • CCleaner64.exe (PID: 8536 cmdline: "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC MD5: 64F2F2700C072BDE21A02E45D0A05C68)
    • CCUpdate.exe (PID: 1444 cmdline: "C:\Program Files\CCleaner\CCUpdate.exe" /reg MD5: 0F0B90A01F049665CA511335F9F0BF2E)
      • CCUpdate.exe (PID: 8876 cmdline: CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll" MD5: 0F0B90A01F049665CA511335F9F0BF2E)
    • chrome.exe (PID: 6556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0 MD5: 464953824E644F10FFDC9E093FD18F94)
      • chrome.exe (PID: 2344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,9984978765859357333,6736122754470887956,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8 MD5: 464953824E644F10FFDC9E093FD18F94)
    • CCleaner64.exe (PID: 5172 cmdline: "C:\Program Files\CCleaner\CCleaner64.exe" MD5: 64F2F2700C072BDE21A02E45D0A05C68)
  • svchost.exe (PID: 9156 cmdline: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc MD5: F586835082F632DC8D9404D83BC16316)
  • CCUpdate.exe (PID: 3584 cmdline: "C:\Program Files\CCleaner\CCUpdate.exe" MD5: 0F0B90A01F049665CA511335F9F0BF2E)
  • CCleanerBugReport.exe (PID: 7204 cmdline: "C:\Program Files\CCleaner\CCleanerBugReport.exe" --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5c75d985-5a4f-4231-b996-70bdb906d557" --version "6.24.11060" --silent MD5: 30F22B80E4FA1BEA515CE41175E94DE8)
    • conhost.exe (PID: 5064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • CCleaner.exe (PID: 4720 cmdline: "C:\Program Files\CCleaner\CCleaner.exe" 0 MD5: AB264CBE086494E6E4F57E1975F032EC)
    • CCleaner64.exe (PID: 5804 cmdline: "C:\Program Files\CCleaner\CCleaner.exe" 0 MD5: 64F2F2700C072BDE21A02E45D0A05C68)
      • CCleaner64.exe (PID: 5116 cmdline: "C:\Program Files\CCleaner\CCleaner64.exe" /monitor MD5: 64F2F2700C072BDE21A02E45D0A05C68)
      • wa_3rd_party_host_32.exe (PID: 1656 cmdline: --pid=5804 MD5: DFE443F3ABEF2CE3B2FE1D3C309CE50A)
        • conhost.exe (PID: 8960 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  • svchost.exe (PID: 1208 cmdline: C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc MD5: F586835082F632DC8D9404D83BC16316)
  • unsecapp.exe (PID: 6632 cmdline: C:\Windows\system32\wbem\unsecapp.exe -Embedding MD5: 019961BC381B0AB80D0912E713FF4275)
  • CCleaner64.exe (PID: 3120 cmdline: "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MD5: 64F2F2700C072BDE21A02E45D0A05C68)
  • CCleaner.exe (PID: 6000 cmdline: "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac MD5: AB264CBE086494E6E4F57E1975F032EC)
    • CCleaner64.exe (PID: 2752 cmdline: "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac MD5: 64F2F2700C072BDE21A02E45D0A05C68)
  • svchost.exe (PID: 8216 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: F586835082F632DC8D9404D83BC16316)
  • svchost.exe (PID: 9656 cmdline: C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s SmsRouter MD5: F586835082F632DC8D9404D83BC16316)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000F.00000003.7317546900.000001F7D525B000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
    0000000F.00000003.7319185688.000001F7D5CB6000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
      0000000F.00000003.7318267290.000001F7D5B04000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
        0000000F.00000003.7317890417.000001F7D59E5000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security

          Sigma Signatures

          Sigma detected: CurrentVersion Autorun Keys Modification
          Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR, EventID: 13, EventType: SetValue, Image: C:\Program Files\CCleaner\CCleaner64.exe, ProcessId: 5116, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CCleaner Smart Cleaning
          Sigma detected: PSScriptPolicyTest Creation By Uncommon Process
          Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe, ProcessId: 1656, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hw5sww41.tyw.ps1
          Sigma detected: Windows Processes Suspicious Parent Directory
          Source: Process startedAuthor: vburov: Data: Command: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc, CommandLine: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 872, ProcessCommandLine: C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc, ProcessId: 9156, ProcessName: svchost.exe

          Snort Signatures

          No Snort rule has matched

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_3ddf604d-b

          Compliance

          barindex
          Uses 32bit PE files
          Source: ccsetup624.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Creates a directory in C:\Program Files
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleanerJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleaner.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleaner64.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCUpdate.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\LangJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1025.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1026.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1027.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1028.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1029.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1030.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1031.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1032.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1034.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1035.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1036.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1037.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1038.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1040.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1041.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1042.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1043.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1044.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1045.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1046.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1048.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1049.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1050.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1051.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1052.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1053.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1054.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1055.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1056.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1057.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1058.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1059.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1060.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1061.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1062.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1063.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1065.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1066.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1067.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1068.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1079.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1071.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1081.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1086.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1087.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1090.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1092.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1093.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1102.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1104.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1109.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1110.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1155.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2052.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2070.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2074.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-3098.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-5146.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-9999.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerDU.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaheap.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwalocal.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaresource.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwautils.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwavmodapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerBugReport.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\uninst.exeJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOGJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Setup\config.defJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\853f33e8-7d58-420f-bf5d-8f7f56e9f9d4.iniJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\63748cba-e338-4416-be16-706152c97125.xmlJump to behavior
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDirectory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.2007bd58-c3be-44a2-9167-96084d257b0c
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDirectory created: C:\Program Files\CCleaner\log\BugReport.status
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.c01d7b4c-98f7-4af6-a5c4-744eb5314610
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.4927514b-1d2e-48d7-870b-e36937b3c7f0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.7b3a1f05-e63f-4567-aff7-e7586967b71b
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\journal
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\log
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\report
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\chest
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\moved
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\fw
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.a71b6340-95af-4f1d-b416-e1c043d0af4b
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\usercfg.ini
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\BackupStorage
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\a9bc366c-b65c-4916-986c-1b8f5527fd80
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.8d33715d-81ec-4dd3-aeeb-5389f834a4a8
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.ece4a2de-5ce0-4527-be1c-19f20fd5c898
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\d9420f54-15f3-493a-8ecd-482380edd479
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.07f7c365-aa43-494f-b587-6f53e0f9a850
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\state_cache.json.{5D730CDA-315C-40BC-918E-17D18B6ED9E7}
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\fe87aadb-4427-48bb-b4b1-2e2bcc521634
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\DUState.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-05-26 12-45-08-542.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V23_4.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDirectory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.9748da04-3208-429e-9370-b1d805662b00
          PE / OLE file has a valid certificate
          Source: ccsetup624.exeStatic PE information: certificate valid
          Uses secure TLS version for HTTPS connections
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50112 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:50113 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50114 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.11.20:50117 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50118 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50119 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50120 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50121 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50122 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50123 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50124 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50126 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50129 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50130 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50131 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.77.70.86:443 -> 192.168.11.20:50132 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50135 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50137 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50138 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50139 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50141 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50140 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50142 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50143 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50144 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50145 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50146 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50147 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50152 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50153 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:50154 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53932 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53928 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64183 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:64182 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64186 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:58591 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51760 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60022 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60025 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49375 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49376 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60412 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60415 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60416 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65039 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:65038 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:54554 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51610 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:57796 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64159 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49254 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64511 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53445 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:54376 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50675 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51097 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:57384 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65208 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64772 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65397 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55444 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49239 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:64146 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52656 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55223 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55224 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:55225 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55226 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55227 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55228 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55229 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55230 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 20.190.190.195:443 -> 192.168.11.20:55231 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55232 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55234 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.202.126:443 -> 192.168.11.20:55235 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55236 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55242 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64738 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:52558 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.11.20:52559 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52561 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52567 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:52568 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52569 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52570 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52571 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52573 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52576 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52578 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52579 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52581 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52583 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52584 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52585 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52586 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52588 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52590 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52591 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52592 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52593 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52596 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52598 version: TLS 1.2
          Contains modern PE file flags such as dynamic base (ASLR) or NX
          Source: ccsetup624.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Binary contains paths to debug symbols
          Source: Binary string: gcapi_dll.dll.pdb| source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: C:\BUILD\work\1878ef5ed829e50b\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: C:\BUILD\work\848d668bab18d6e2\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\BUILD\work\848d668bab18d6e2\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmp
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandlerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServerJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\ElevationJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAsJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_CURRENT_USER_Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
          Source: C:\Program Files\CCleaner\CCleaner64.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008B00EB FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,10_2_008B00EB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F35B1 FindFirstFileExW,10_2_008F35B1
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089ECE0 FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,10_2_0089ECE0
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cookies
          Source: unknownNetwork traffic detected: DNS query count 59
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
          Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: unknownTCP traffic detected without corresponding DNS query: 40.119.46.46
          Source: global trafficHTTP traffic detected: GET /?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=431419&p_gis=0&p_hid=be4e4af9-63f6-4992-bfa2-801c56ff5967&p_lid=en-GB&p_lng=en&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11060&p_vep=6&p_ves=24&p_wid=1665235917&p_wsc2v_av=9011 HTTP/1.1Connection: Keep-AliveUser-Agent: Avast AntivirusHost: ipm-provider.ff.avast.com
          Source: global trafficHTTP traffic detected: GET /?p_vep=6&p_ves=24&p_vbd=11060&p_lit=0&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_pro=90&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: shepherd.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
          Source: global trafficHTTP traffic detected: GET /v2/info HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheUser-Agent: CCleaner Update AgentHost: ip-info.ff.avast.com
          Source: global trafficHTTP traffic detected: GET /v1/info HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ip-info.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/otSDKStub.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1Host: widget.trustpilot.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
          Source: global trafficHTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"accept: application/jsonsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1716727478319 HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Content-Type: application/x-www-form-urlencodedAccept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /cookieconsentpub/v1/geo/location HTTP/1.1Host: geolocation.onetrust.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1716727478319 HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=12420529992577389502124774616857229634
          Source: global trafficHTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /wi/ytc.js HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /c/hotjar-857043.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /dest5.html?d_nsid=0 HTTP/1.1Host: symantec.demdex.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=12420529992577389502124774616857229634
          Source: global trafficHTTP traffic detected: GET /tags/563151391133/tag.js HTTP/1.1Host: www.mczbf.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /uwt.js HTTP/1.1Host: static.ads-twitter.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /api/mhubc.js HTTP/1.1Host: mstatic.ccleaner.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CvVersion%7C5.5.0; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined
          Source: global trafficHTTP traffic detected: GET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=2125617828.1716727479&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&dma=0&npa=0&gtm=45He45m0n71KFXRTRv71945860za200&auid=1566402970.1716727479 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/508b8439-6d82-43c5-aed5-156f03a3876f/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s65133898573217?AQB=1&ndh=1&pf=1&t=26%2F4%2F2024%208%3A44%3A39%200%20240&mid=12586703185176664232105342814118163955&aamlh=7&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-04-17&c48=CCleaner%20v6.24.11060&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=12586703185176664232105342814118163955&c59=ccleaner%3Aknowledge%3Accleaner-v6-24-11060&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&v164=ccleaner%3A999_a&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=1920&bh=969&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CMCMID%7C12586703185176664232105342814118163955%7CMCAAMLH-1717332278%7C7%7CMCAAMB-1717332278%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716734678s%7CNONE%7CvVersion%7C5.5.0; s_nr=1716727479272-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-24-11060; s_cc=true
          Source: global trafficHTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZlMuuAAAALyDAwN_ HTTP/1.1Host: dpm.demdex.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=12420529992577389502124774616857229634
          Source: global trafficHTTP traffic detected: GET /wi/config/10180940.json HTTP/1.1Host: s.yimg.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /modules.305879d9d5e96288a7f4.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /711037.gif?partner_uid=5352b045-6480-4ed4-a136-8966549712c0 HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s65133898573217?AQB=1&ndh=1&pf=1&t=26%2F4%2F2024%208%3A44%3A39%200%20240&mid=12586703185176664232105342814118163955&aamlh=7&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-04-17&c48=CCleaner%20v6.24.11060&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=12586703185176664232105342814118163955&c59=ccleaner%3Aknowledge%3Accleaner-v6-24-11060&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&v164=ccleaner%3A999_a&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=1920&bh=969&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1Host: oms.ccleaner.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CMCMID%7C12586703185176664232105342814118163955%7CMCAAMLH-1717332278%7C7%7CMCAAMB-1717332278%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716734678s%7CNONE%7CvVersion%7C5.5.0; s_nr=1716727479272-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-24-11060; s_cc=true; cjConsent=MHxOfDB8Tnww; cjUser=5352b045-6480-4ed4-a136-8966549712c0; cjLiveRampLastCall=2024-05-26T12:44:39.547Z
          Source: global trafficHTTP traffic detected: GET /wi/config/10180940.json HTTP/1.1Host: s.yimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /ibs:dpid=411&dpuuid=ZlMuuAAAALyDAwN_ HTTP/1.1Host: dpm.demdex.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: demdex=12420529992577389502124774616857229634; dpm=12420529992577389502124774616857229634
          Source: global trafficHTTP traffic detected: GET /563151391133/pageInfo HTTP/1.1Host: www.mczbf.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /consent/831b8ee0-e952-49a5-af6b-01382c722774/508b8439-6d82-43c5-aed5-156f03a3876f/en.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDUzNTJiMDQ1LTY0ODAtNGVkNC1hMTM2LTg5NjY1NDk3MTJjMBAAGg0Iud3MsgYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; pxrc=CAA=
          Source: global trafficHTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=e19bec48-9054-4abd-8981-ab333a768a90
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.ccleaner.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDUzNTJiMDQ1LTY0ODAtNGVkNC1hMTM2LTg5NjY1NDk3MTJjMBAAGg0Iud3MsgYSBQjoBxAAQgBKAA HTTP/1.1Host: idsync.rlcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; pxrc=CLndzLIGEgUI6AcQAA==
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /signals/config/2679475345708101?v=2.9.156&r=stable&domain=www.ccleaner.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /logos/static/poweredBy_ot_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1Host: tr.outbrain.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /j.php?a=176159&u=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&r=0.8571105425209484 HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: personalization_id="v1_ykmy21nCg+qBjPlr+hNE+Q=="
          Source: global trafficHTTP traffic detected: GET /adalyser.js?cid=ccleaner HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /logos/static/poweredBy_ot_logo.svg HTTP/1.1Host: cdn.cookielaw.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /v.gif?cd=0&a=176159&d=ccleaner.com&u=D081923F550B4CB6AAF1E5193B62F8035&h=93a6e56797b5efaae57550acdfcfa9cf&t=true HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&rl=&if=false&ts=1716727481468&sw=1920&sh=1080&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1716727481466.1579835487&cs_est=true&ler=empty&cdl=API_unavailable&it=1716727479766&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /v.gif?cd=0&a=176159&d=ccleaner.com&u=D081923F550B4CB6AAF1E5193B62F8035&h=93a6e56797b5efaae57550acdfcfa9cf&t=true HTTP/1.1Host: dev.visualwebsiteoptimizer.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&rl=&if=false&ts=1716727481468&sw=1920&sh=1080&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1716727481466.1579835487&cs_est=true&ler=empty&cdl=API_unavailable&it=1716727479766&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /tracking/track/v3/p?stm=1716727481819&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cid=ccleaner&p=%7B%22et%22%3A1716727481817%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%222984c0b8-a202-426f-acaf-a7b3c00a6ad1%22%2C%22duid%22%3A%22a7ceef44-86b5-48d2-9097-d36dffbdb759%22%2C%22cw%22%3A1716727481817%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F94.0.4606.61%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&gjid=1519295001&_gid=1588426393.1716727482&_u=YCDAgEABAAAAAGAEK~&z=1683501845 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
          Source: global trafficHTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&_u=YCDAgEABAAAAAGAEK~&z=403242574 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.ccleaner.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
          Source: global trafficHTTP traffic detected: GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&_u=YCDAgEABAAAAAGAEK~&z=403242574 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
          Source: global trafficHTTP traffic detected: GET /tracking/track/v3/p?stm=1716727481819&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cid=ccleaner&p=%7B%22et%22%3A1716727481817%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%222984c0b8-a202-426f-acaf-a7b3c00a6ad1%22%2C%22duid%22%3A%22a7ceef44-86b5-48d2-9097-d36dffbdb759%22%2C%22cw%22%3A1716727481817%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F94.0.4606.61%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1Host: c5.adalyser.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: shepherd.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=2&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=3&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: shepherd.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=3&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=4&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=5&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: shepherd.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=5&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=6&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: global trafficHTTP traffic detected: GET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=7&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: shepherd.ff.avast.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=7&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)Host: ipm-provider.ff.avast.comCache-Control: no-cacheCookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
          Source: ccsetup624.exe, 00000000.00000003.7021696533.0000000005B9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: .www.linkedin.combscookiev10 equals www.linkedin.com (Linkedin)
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: the next 30 days.Thank you for purchasing CCleaner Professional.CCleaner ActivationPopup/HealthCheck/PostAnalysis/UpgradedToTrialYour upgrade is complete.OKPopup/HealthCheck/PostAnalysis/UpgradedToProLatestICS*.avast.commail.google.comlogin.live.comgoogle.com/accountswww.google.com/accountswww.google.comgoogle.com*.piriform.com*.ccleanercloud.com*.ccleaner.commail.rumail.lycos.comovi.com/services/signinauth.me.comwww.mail.lycos.comlogin.comcast.neticloud.commail.aol.comwebmail.earthlink.netaccounts.google.commail.yahoo.commail.netscape.comwebmail.aol.comyahoo.comfastmail.fmmy.screenname.aol.comaol.comscreenname.aol.comtwitter.comfacebook.com5.41services.adobe.comProblemRegistry KeyDataCIssuesCtrl::SetControlsUsernameregistry.txtTrueCCScanreg.txt/bkpSelect allFix selected issues...cc_%d%02d%02d_%02d%02d%02d.regBackregReg Files (*.reg)*.regScan For IssuesScan For Issues + CancelSystem.IO.File:GetDirectory() - Error code returned from _tsplitpath_s: System.IO.File:GetDirectory() - DirectoryName after removing trailing slash : Piriform::IO::File::GetDirectory, Drive: System.IO.File:GetDirectory() - FullPath: , Filename: , Directory: , Extension: (App)BKBNLicenseKeyLicense6Namelicense.inibusiness.datautotrial.dat25BrandoverBRANDING , Key: , Name: Trial Activation Trial License registered successfully. Filename: %s equals www.yahoo.com (Yahoo)
          Source: global trafficDNS traffic detected: DNS query: analytics.avcdn.net
          Source: global trafficDNS traffic detected: DNS query: ipm-provider.ff.avast.com
          Source: global trafficDNS traffic detected: DNS query: service.piriform.com
          Source: global trafficDNS traffic detected: DNS query: license.piriform.com
          Source: global trafficDNS traffic detected: DNS query: shepherd.ff.avast.com
          Source: global trafficDNS traffic detected: DNS query: ip-info.ff.avast.com
          Source: global trafficDNS traffic detected: DNS query: ncc.avast.com
          Source: global trafficDNS traffic detected: DNS query: emupdate.avcdn.net
          Source: global trafficDNS traffic detected: DNS query: ccleaner.tools.avcdn.net
          Source: global trafficDNS traffic detected: DNS query: winqual.sb.avast.com
          Source: global trafficDNS traffic detected: DNS query: www.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: license-api.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: cdn.cookielaw.org
          Source: global trafficDNS traffic detected: DNS query: download.avira.com
          Source: global trafficDNS traffic detected: DNS query: s.go-mpulse.net
          Source: global trafficDNS traffic detected: DNS query: s7.addthis.com
          Source: global trafficDNS traffic detected: DNS query: assets.adobedtm.com
          Source: global trafficDNS traffic detected: DNS query: widget.trustpilot.com
          Source: global trafficDNS traffic detected: DNS query: s1.pir.fm
          Source: global trafficDNS traffic detected: DNS query: www.google.com
          Source: global trafficDNS traffic detected: DNS query: geolocation.onetrust.com
          Source: global trafficDNS traffic detected: DNS query: dpm.demdex.net
          Source: global trafficDNS traffic detected: DNS query: www.nortonlifelock.com
          Source: global trafficDNS traffic detected: DNS query: c.go-mpulse.net
          Source: global trafficDNS traffic detected: DNS query: connect.facebook.net
          Source: global trafficDNS traffic detected: DNS query: snap.licdn.com
          Source: global trafficDNS traffic detected: DNS query: static.hotjar.com
          Source: global trafficDNS traffic detected: DNS query: static.ads-twitter.com
          Source: global trafficDNS traffic detected: DNS query: amplify.outbrain.com
          Source: global trafficDNS traffic detected: DNS query: s.yimg.com
          Source: global trafficDNS traffic detected: DNS query: mstatic.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: symantec.demdex.net
          Source: global trafficDNS traffic detected: DNS query: www.mczbf.com
          Source: global trafficDNS traffic detected: DNS query: cm.everesttech.net
          Source: global trafficDNS traffic detected: DNS query: cdn-production.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
          Source: global trafficDNS traffic detected: DNS query: oms.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: px.ads.linkedin.com
          Source: global trafficDNS traffic detected: DNS query: script.hotjar.com
          Source: global trafficDNS traffic detected: DNS query: t.co
          Source: global trafficDNS traffic detected: DNS query: analytics.twitter.com
          Source: global trafficDNS traffic detected: DNS query: tr.outbrain.com
          Source: global trafficDNS traffic detected: DNS query: wave.outbrain.com
          Source: global trafficDNS traffic detected: DNS query: idsync.rlcdn.com
          Source: global trafficDNS traffic detected: DNS query: www.linkedin.com
          Source: global trafficDNS traffic detected: DNS query: c5.adalyser.com
          Source: global trafficDNS traffic detected: DNS query: dev.visualwebsiteoptimizer.com
          Source: global trafficDNS traffic detected: DNS query: cdn-uat.ccleaner.com
          Source: global trafficDNS traffic detected: DNS query: stats.g.doubleclick.net
          Source: global trafficDNS traffic detected: DNS query: analytics.google.com
          Source: global trafficDNS traffic detected: DNS query: www.facebook.com
          Source: global trafficDNS traffic detected: DNS query: zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com
          Source: global trafficDNS traffic detected: DNS query: 173bf110.akstat.io
          Source: global trafficDNS traffic detected: DNS query: trial-eum-clienttons-s.akamaihd.net
          Source: global trafficDNS traffic detected: DNS query: trial-eum-clientnsv4-s.akamaihd.net
          Source: global trafficDNS traffic detected: DNS query: siteintercept.qualtrics.com
          Source: global trafficDNS traffic detected: DNS query: 102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.net
          Source: global trafficDNS traffic detected: DNS query: m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.net
          Source: global trafficDNS traffic detected: DNS query: driver-updater.ff.avast.com
          Source: unknownHTTP traffic detected: POST /receive3 HTTP/1.1Connection: Keep-AliveContent-Type: application/x-enc-sbUser-Agent: Avast AntivirusContent-Length: 291Host: analytics.avcdn.net
          Source: global trafficTCP traffic: 192.168.11.20:55540 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:55540 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:55540 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:55540 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:63880 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:63880 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:63880 -> 239.255.255.250:1900
          Source: global trafficTCP traffic: 192.168.11.20:63880 -> 239.255.255.250:1900
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Length: 0Connection: closeDate: Sun, 26 May 2024 12:44:41 GMTX-Request-ID: b8aa6dea-1b5d-11ef-a7d6-6f1c9f83bec2Server: nginxX-Robots-Tag: noindex, nofollowX-Cache: Error from cloudfrontVia: 1.1 2b74e5ee4d30afba8f9df9907896c5f4.cloudfront.net (CloudFront)X-Amz-Cf-Pop: IAD50-C2X-Amz-Cf-Id: OHxWGAAPLFQJTnKIYzjmRHJl0aiW2o2qH6oQ8ADXPR3IovEISawaXA==
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://%s:%d;https=https://%s:%dHTTP/1.0%u.%u.%u.%u01234567890123456789abcdef0123456789ABCDEFCONOUT$
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930195003.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6957324266.000000000806F000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930274202.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6989071547.0000000008074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
          Source: ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA-2.crt0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: CCUpdate.exeString found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini
          Source: CCUpdate.exeString found in binary or memory: http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xml
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000404B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853844532.0000000004049000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000404B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853844532.0000000004049000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4E22000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
          Source: ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930195003.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6957324266.000000000806F000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930274202.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6989071547.0000000008074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
          Source: ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930195003.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6957324266.000000000806F000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930274202.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6989071547.0000000008074000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0=
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
          Source: CCUpdate.exeString found in binary or memory: http://emupdate.avcdn.net/files/emupdate/pong.txt
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://files.avast.com/beta9x/avast_free_antivirus_setup_online.exeASWSig2A5549FF2866EA44F68D28FB2B1
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://files.avast.com/iavs9x/avast_premier_antivirus_setup_online.exeASWSig2A5FB1A9FDC683FA551EB348
          Source: CCUpdate.exeString found in binary or memory: http://honzik.avcdn.net/diffs/
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/beta/avast_cleanup_online_setup.exeASWSig2A1E3DD1C1B204ED89FD
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeASWSig2A4C1A1197A19B18F
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeASWSig2A2D7E61EA63DA
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-av/release/avg_internet_security_online_setup.exeASWSig2A40170EEB1
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/beta/avg_battery_saver_online_setup.exeASWSig2A4D178CA216002CE0
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exeASWSig2A7E478FFFFFA84
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/beta/avg_tuneup_online_setup.exeASWSig2A51F05E8C170B452F21205C3
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://honzik.avcdn.net/setup/avg-tu/release/avg_tuneup_online_setup.exeASWSig2A19497FDBA8D930F12196
          Source: CCUpdate.exeString found in binary or memory: http://honzik.avcdn.net/universe/
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://httphttpsapp.lis.get.installapp.lis.install.statusapp.lis.gen_install_and_activateapp.lis.ins
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://keys.backup.norton.com
          Source: CCleaner64.exe, 00000007.00000003.7173151516.000001D0E2750000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7463525196.000001D0E2750000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7186291468.000001D0E2750000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ncc.avast.com/l
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmp, CCleaner64.exe, 00000007.00000003.7173151516.000001D0E2713000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7187171154.000001D0E4DA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ncc.avast.com/ncc.txt
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ncc.avast.com/ncc.txtCommChannel.dllinvalid
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
          Source: ccsetup624.exe, 00000000.00000000.6765904102.000000000040A000.00000008.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6930195003.0000000005CD2000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6957324266.000000000806F000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000003.6930274202.0000000005CD6000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6989071547.0000000008074000.00000004.00000800.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://ocsp.digicert.com0A
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://ocsp.digicert.com0C
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://ocsp.digicert.com0X
          Source: ccsetup624.exe, 00000000.00000003.6957324266.000000000806F000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6942996774.000000000806B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p%03d.sb.avast.com/V1/MD/avast_streambacksubmit_%03d://http://p%03d.sb.avast.com/V1/PD/avast_
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://p%03d.sb.avast.com/V1/MD/avast_streambacksubmit_%03d://http:Do
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://p%03d.sb.avast.com/V1/PD/avast_streambackraw_%03d://StreambackCommChannelAddr_asw::commchanne
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://posttestserver.com/a
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://posttestserver.com/avast_streambackraw_007://http://p004.sb.avast.com/V1/PD/avast_streambackr
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://sea20.ff.avast.com/browsercleanup://https://brain.jumpshot.com/avast/ss/queue/jumpshot_silent
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpString found in binary or memory: http://www.avast.com0
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.avast.com0/
          Source: ccsetup624.exe, 00000000.00000003.7135328964.0000000006BF0000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/ccleaner
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_license?p=1&l=1033&a=0l
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_privacy?p=1&l=1033&a=0
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=
          Source: ccsetup624.exe, 00000000.00000003.7458347066.0000000005B73000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7457491002.000000000090D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7464306050.000000000090F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
          Source: ccsetup624.exe, 00000000.00000003.7458347066.0000000005B73000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0F
          Source: ccsetup624.exe, 00000000.00000003.7435901036.0000000005BD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0P
          Source: ccsetup624.exe, 00000000.00000003.7435901036.0000000005BDB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0UserWdtHny
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0p
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.ccleaner.com/inapp/notificationsContent-Type:
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ccleaner.comopen
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.digicert.com/CPS0
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.gimp.org/xmp/
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000404B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853330442.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853844532.0000000004049000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000407B000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.winimage.com/zLibDll
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: http://www.winimage.com/zLibDllNUL
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.zkysky.com.ar/This
          Source: ccsetup624.exe, 00000000.00000003.6957324266.00000000080AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingaotak
          Source: ccsetup624.exe, 00000000.00000003.6957324266.00000000080AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aefd.nelreports.net/api/report?cat=bingrms
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://akbr-api.avast.com/activation?https://akbr-api.avast.com/acquisition?avast_creditmonitor://a
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://alldrivers4devices.net
          Source: ccsetup624.exe, 00000000.00000003.7042201050.00000000040A7000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173151516.000001D0E2750000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7463525196.000001D0E2750000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7186291468.000001D0E2750000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/
          Source: CCleaner64.exe, 00000007.00000002.7461616307.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7185607741.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/AMK=az
          Source: CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7183504553.000001D0E46C9000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7175220341.000001D0E46C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net/receive3
          Source: CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://analytics.avcdn.net:443/receive3
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_FREE/platform_WIN/installertype_ONLINE/build
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/b
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_PRO/platform_WIN/installertype_ONLINE/bu
          Source: ccsetup624.exe, 00000000.00000003.7019826840.00000000077D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://capturemedia-assets.com/ig-bank/ad-engagement/startAnimation/main/index.html
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_acknowledgements
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_license_agreement
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_data_factsheet
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_policy
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://ccleaner.com/go/app_cc_privacy_product_policy
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://download.avira.com/download/opswat-sdk-database/su_worker.exeasw::su_controller::ControllerC
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcQ9cdWZyWemBYK4iZzupPQvi4KxwhrP2gd2mbd_
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcTY1J5u4ggIZcWkn_bKYF2jH3LTrQT_67s9m_K5
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://encrypted-tbn0.gstatic.com/licensed-image?q=tbn:ANd9GcTygHrCyiroVAjyRhb7aKStaoTecJ-NEUx8Q8B8
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?04285c3d8342d84b047ca3b71c38c3dc
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fp-vs.azureedge.net/apc/trans.gif?24766aecdd70019235b6a64682a52f4f
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-atrk/release/avast_antitrack_online_setup.exeASWSig2A532CCF5ABF
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/beta/avast_breach_guard_online_setup.exeASWSig2A6DF674D10553
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exeASWSig2A2457920CE
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/beta/avast_battery_saver_online_setup.exeASWSig2A3A3BE3789E6
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeASWSig2A072492C0
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/beta/avast_driver_updater_online_setup.exeASWSig2A3CBDA28891
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-du/release/avast_driver_updater_online_setup.exeASWSig2A021F36B
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeASWSig2A06FCDABA5742BE662
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-atrk/release/avg_antitrack_online_setup.exeASWSig2A2B99C8EA31CB6D
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/beta/avg_breach_guard_online_setup.exeASWSig2A56213C511B9A9241
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeASWSig2A14AA13983E189
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/beta/avg_driver_updater_online_setup.exeASWSig2A667B4A5D8ECDBD
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-du/release/avg_driver_updater_online_setup.exeASWSig2A24A39E8D727
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://honzik.avcdn.net/setup/avg-vpn/release/avg_vpn_online_setup.exeASWSig2A27B1BBBA8E4138C4EDCFD
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/avg/beta9x/avg_internet_security_setup.exeASWSig2A7D77EF27F362060AF957E761
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A123D026AE3BEAC0AC7D4DC35
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A357ACEF8FE55D8ED7E2EA469
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/beta9x/avast_pro_antivirus_setup_online.exeASWSig2A579D90FED0C6441EE7B258F
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/iavs9x/avast_free_antivirus_setup_online.exeASWSig2A2EC0971AB07DE15C30023C
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://install.avcdn.net/iavs9x/avast_pro_antivirus_setup_online.exeASWSig2A03A4D7B0044FDD707267F64
          Source: CCUpdate.exeString found in binary or memory: https://ip-info.ff.avast.com/v2/info
          Source: ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876406228.00000000040A8000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876259370.00000000040A7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/
          Source: ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age
          Source: ccsetup624.exe, 00000000.00000003.6876503852.000000000401C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.000000000401C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876445271.0000000005B41000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt
          Source: ccsetup624.exe, 00000000.00000003.6876503852.000000000400F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-provider.ff.avast.com:443qF
          Source: ccsetup624.exe, 00000000.00000003.6876445271.0000000005B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipm-static.avcdn.net/content-assets-prod/
          Source: ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876445271.0000000005B41000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876445271.0000000005B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipmcdn.avast.com/images/
          Source: ccsetup624.exe, 00000000.00000003.6876445271.0000000005B4B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipmcdn.avast.com/images/Persistent-AuthWWW-AuthenticateVaryClientId=563fffb9-0641-4af9-b6eb-
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipOvNh-L3TTVll_wDyQd66TEaShUCp3i0iabc8se=w92-h92-n-k-no
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lh5.googleusercontent.com/p/AF1QipPFr704HJkdqZ5xefxGs53Btx8SeAbaCnWxa6-y=w92-h92-n-k-no
          Source: ccsetup624.exe, 00000000.00000003.7077262001.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7458083490.0000000005CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://license.piriform.com/
          Source: ccsetup624.exe, 00000000.00000003.7077262001.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7458083490.0000000005CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://license.piriform.com/E
          Source: ccsetup624.exe, 00000000.00000002.7462374225.00000000008FD000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7457491002.00000000008FD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://license.piriform.com/product/v1/installcheck?p=1&v=6.24.11060&vx=&l=1033&b=1&o=10W6&g=0&i=1&
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://license.piriform.com/update1033BaseUpdateProviderOnCustomErrorExtra
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000404B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853330442.000000000407B000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6853844532.0000000004049000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869244368.000000000407B000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4E3C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://openid-stage.avast.comhttps://openid-stage.avg.comalpha-iqs-stage.ff.avast.commy-win-stage.f
          Source: CCleaner64.exe, 00000007.00000003.7175401443.000001D0E469B000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7469141083.000001D0E469E000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7188344410.000001D0E469C000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7174187118.000001D0E4680000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://openid.avast.com
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://openid.avg.comalpha-rollout-service.ff.avast.commy-devices.avast.comhttps://openid.avast.com
          Source: ccsetup624.exe, 00000000.00000003.6942996774.0000000008040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlookmobile-office365-tas.msedge.net/ab?clientId=512A4435-60B8-42A2-80D3-582B6B7FB6C0&ig=1
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/204043884-Using-CCleaner-s-Drive-Wiper
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://posttestserver.com/test_channel_s://http://posttestserver.com/test_channel://avast_streambac
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recoveringlib.blogspot.com
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://s-trackoff.avcdn.net/avg/trackoff/7854df286ff1c4e1f4d81d466f4a1b0243b39837ac99c5b98817907f76
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://s-trackoff.avcdn.net/trackoff/8ad1526a87b9617cf6dd677cdf9f87a0e3fd1555b6a8828d87ec2bef2850fa
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#p
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833
          Source: ccsetup624.exe, 00000000.00000003.7077143181.0000000005B80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://service.piriform.com/
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://service.piriform.com/installcheck.aspx5.70.7909PrefsPrivacyShareData1stParty
          Source: ccsetup624.exe, 00000000.00000003.7457491002.00000000008FD000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7462374225.0000000000820000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://service.piriform.com/installcheck.aspx?p=1&v=6.24.11060&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=
          Source: ccsetup624.exe, 00000000.00000003.7077262001.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7458083490.0000000005CD0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.com/
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000004008000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.com/?p_vep=6&p_ves=24&p_vbd=11060&p_lit=0&p_midex=E8E4C5DC7068F1D7A5F14852
          Source: ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shepherd.ff.avast.com/Mozilla/4.0
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://softwareupdatechecker.live-everest-media.net/api/v1/ProgramDefinitions/api/v1/ScanResultshtt
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://softwareupdatechecker.staging-everest-media.netUsing
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t-ring.msedge.net/apc/trans.gif?36fa5d99dd3fb007af5ae3f0dfcf368e
          Source: ccsetup624.exe, 00000000.00000003.6989071547.000000000807C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t-ring.msedge.net/apc/trans.gif?a4fc720ef203eae774a1094a23dcc817
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://windows-drivers-x04.blogspot.com
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.autoitscript.com
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.avast.com/lp-ppc-nbu-fav-cc
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/business
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/business/ccleaner-business-edition
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/ccleaner
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/ccleaner/browser
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keep
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaning
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/managing-auto-starting-programs
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/docs/ccleaner/using-ccleaner/uninstalling-programs
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_get_update1033Mozilla/4.0https://license.piriform.com/update%d.%d
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_performance_optimizer
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_preloading
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_help_schedule_setup?utm_source=ccleaner&utm_medium=application&ut
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_cc_pro_trialkeyhttps://license.piriform.com/verify/?p=ccpro&c=cc&lk=
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_deactivated_help
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_support
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_survey
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_systemprotection
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_du_systemrestoreinfo
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_no_license_error
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ccleaner.com/go/app_po_survey
          Source: CCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: ccsetup624.exe, 00000000.00000003.7019826840.00000000077D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/de-ch/?ocid=iehp
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpString found in binary or memory: https://www.ssllabs.com/ssltest/viewMyClient.htmlLoading...purlEnter
          Source: unknownNetwork traffic detected: HTTP traffic on port 65208 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49188
          Source: unknownNetwork traffic detected: HTTP traffic on port 64507 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52596
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52597
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56714
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52595
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52598
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53445
          Source: unknownNetwork traffic detected: HTTP traffic on port 49577 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50131 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50670 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50154 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60099
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60416
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56160
          Source: unknownNetwork traffic detected: HTTP traffic on port 52576 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60415
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60412
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50744
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56729
          Source: unknownNetwork traffic detected: HTTP traffic on port 52570 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49188 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64182 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50744 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55228 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 63463 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54791
          Source: unknownNetwork traffic detected: HTTP traffic on port 51096 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57384
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58591
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57381
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64223
          Source: unknownNetwork traffic detected: HTTP traffic on port 55235 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 54861 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50120 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51608
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57706
          Source: unknownNetwork traffic detected: HTTP traffic on port 52571 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50147 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54554
          Source: unknownNetwork traffic detected: HTTP traffic on port 64146 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50114 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50130 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60099 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 62498 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52588 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65208
          Source: unknownNetwork traffic detected: HTTP traffic on port 56131 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 54791 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 62574 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49239 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52559 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65207
          Source: unknownNetwork traffic detected: HTTP traffic on port 52593 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50119 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64490
          Source: unknownNetwork traffic detected: HTTP traffic on port 64772 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50142 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55230 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64512 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52656 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51610
          Source: unknownNetwork traffic detected: HTTP traffic on port 65397 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 56009 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 56714 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52582 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52394
          Source: unknownNetwork traffic detected: HTTP traffic on port 50153 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50138
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52558
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52559
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50130
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50132
          Source: unknownNetwork traffic detected: HTTP traffic on port 64183 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54614
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52557
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50137
          Source: unknownNetwork traffic detected: HTTP traffic on port 64738 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52583 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57706 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50140
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56362
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64772
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60616
          Source: unknownNetwork traffic detected: HTTP traffic on port 63911 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52595 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50144 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52569
          Source: unknownNetwork traffic detected: HTTP traffic on port 50662 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60415 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 56390 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58429
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50141
          Source: unknownNetwork traffic detected: HTTP traffic on port 53928 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56009
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50144
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54861
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52561
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50143
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
          Source: unknownNetwork traffic detected: HTTP traffic on port 55224 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52567
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52568
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50147
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59520
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57465
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52570
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52571
          Source: unknownNetwork traffic detected: HTTP traffic on port 50138 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56131
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65510
          Source: unknownNetwork traffic detected: HTTP traffic on port 52577 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 51610 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50143 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60416 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50153
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52574
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50152
          Source: unknownNetwork traffic detected: HTTP traffic on port 62680 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52572
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
          Source: unknownNetwork traffic detected: HTTP traffic on port 54614 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52573
          Source: unknownNetwork traffic detected: HTTP traffic on port 52584 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55229 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52578
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52579
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52576
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52577
          Source: unknownNetwork traffic detected: HTTP traffic on port 50110 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 53445 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52578 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 56112 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52581
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52582
          Source: unknownNetwork traffic detected: HTTP traffic on port 50137 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52580
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63463
          Source: unknownNetwork traffic detected: HTTP traffic on port 57878 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 51759 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62498
          Source: unknownNetwork traffic detected: HTTP traffic on port 53131 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50121 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57465 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55234 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52572 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55444 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 51760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53554
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52585
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52586
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52583
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52584
          Source: unknownNetwork traffic detected: HTTP traffic on port 52589 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52589
          Source: unknownNetwork traffic detected: HTTP traffic on port 57796 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52588
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63911
          Source: unknownNetwork traffic detected: HTTP traffic on port 56729 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50132 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55223 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52592
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52593
          Source: unknownNetwork traffic detected: HTTP traffic on port 60025 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 58452
          Source: unknownNetwork traffic detected: HTTP traffic on port 52561 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52590
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52591
          Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56390
          Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64183
          Source: unknownNetwork traffic detected: HTTP traffic on port 51310 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64182
          Source: unknownNetwork traffic detected: HTTP traffic on port 52567 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65397
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63098
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64186
          Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62680
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55227
          Source: unknownNetwork traffic detected: HTTP traffic on port 54376 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55228
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55229
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54376
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55223
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55224
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55225
          Source: unknownNetwork traffic detected: HTTP traffic on port 56586 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55226
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55230
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55231
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55232
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64738
          Source: unknownNetwork traffic detected: HTTP traffic on port 60022 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60389 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 58452 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49577
          Source: unknownNetwork traffic detected: HTTP traffic on port 52591 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50228
          Source: unknownNetwork traffic detected: HTTP traffic on port 55232 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 61250 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 65039 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 54554 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51310
          Source: unknownNetwork traffic detected: HTTP traffic on port 58429 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55234
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55235
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55236
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60389
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60025
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55242
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64507
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60022
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60021
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65038
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60704
          Source: unknownNetwork traffic detected: HTTP traffic on port 52573 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65039
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50119
          Source: unknownNetwork traffic detected: HTTP traffic on port 51608 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50118
          Source: unknownNetwork traffic detected: HTTP traffic on port 56362 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52590 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 61250
          Source: unknownNetwork traffic detected: HTTP traffic on port 60412 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53861
          Source: unknownNetwork traffic detected: HTTP traffic on port 55225 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50112
          Source: unknownNetwork traffic detected: HTTP traffic on port 53554 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 52656
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50114
          Source: unknownNetwork traffic detected: HTTP traffic on port 58591 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57384 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57672
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57796
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56586
          Source: unknownNetwork traffic detected: HTTP traffic on port 52574 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62574
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64512
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64511
          Source: unknownNetwork traffic detected: HTTP traffic on port 52568 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49677
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
          Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64770
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50122
          Source: unknownNetwork traffic detected: HTTP traffic on port 52585 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50121
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50124
          Source: unknownNetwork traffic detected: HTTP traffic on port 65228 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
          Source: unknownNetwork traffic detected: HTTP traffic on port 59520 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50126
          Source: unknownNetwork traffic detected: HTTP traffic on port 64223 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52579 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56112
          Source: unknownNetwork traffic detected: HTTP traffic on port 60021 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 51987 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 59016 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 63671
          Source: unknownNetwork traffic detected: HTTP traffic on port 49253 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52596 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 63671 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 63098 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51987
          Source: unknownNetwork traffic detected: HTTP traffic on port 52592 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53928
          Source: unknownNetwork traffic detected: HTTP traffic on port 65038 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52586 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55227 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49260
          Source: unknownNetwork traffic detected: HTTP traffic on port 50112 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52557 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 51097 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 56084
          Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53131
          Source: unknownNetwork traffic detected: HTTP traffic on port 52394 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64770 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 65228
          Source: unknownNetwork traffic detected: HTTP traffic on port 55236 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49375 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57381 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60121 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50123 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49376
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51759
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49375
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49254
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49253
          Source: unknownNetwork traffic detected: HTTP traffic on port 54375 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50152 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 53932
          Source: unknownNetwork traffic detected: HTTP traffic on port 56084 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55242 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64186 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50662
          Source: unknownNetwork traffic detected: HTTP traffic on port 60616 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52580 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52598 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50141 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64146
          Source: unknownNetwork traffic detected: HTTP traffic on port 64603 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49376 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64511 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 52569 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 55231 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50124 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50118 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50670
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55444
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50675
          Source: unknownNetwork traffic detected: HTTP traffic on port 52581 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49254 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 56160 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 60704 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 59016
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51096
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 51097
          Source: unknownNetwork traffic detected: HTTP traffic on port 64159 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50140 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64159
          Source: unknownNetwork traffic detected: HTTP traffic on port 52597 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 53932 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49239
          Source: unknownNetwork traffic detected: HTTP traffic on port 50228 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 65207 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 53861 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 50146 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57878
          Source: unknownNetwork traffic detected: HTTP traffic on port 55226 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49260 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 57760
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 64603
          Source: unknownNetwork traffic detected: HTTP traffic on port 52558 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 54375
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 60121
          Source: unknownNetwork traffic detected: HTTP traffic on port 50675 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57760 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 65510 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 57672 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 64490 -> 443
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50112 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:50113 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50114 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.11.20:50117 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50118 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50119 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50120 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50121 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50122 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50123 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50124 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50126 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50129 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50130 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50131 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.77.70.86:443 -> 192.168.11.20:50132 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50135 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50137 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50138 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50139 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50141 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50140 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50142 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50143 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50144 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50145 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50146 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:50147 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50152 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.149.62:443 -> 192.168.11.20:50153 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:50154 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53932 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53928 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64183 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:64182 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64186 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:58591 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51760 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60022 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60025 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49375 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49376 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60412 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60415 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:60416 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65039 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:65038 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:54554 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51610 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:57796 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64159 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49254 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64511 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:53445 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:54376 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:50675 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:51097 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:57384 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65208 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64772 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:65397 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55444 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:49239 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:64146 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52656 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55223 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55224 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:55225 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55226 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55227 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55228 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55229 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:55230 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 20.190.190.195:443 -> 192.168.11.20:55231 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55232 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55234 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.149.202.126:443 -> 192.168.11.20:55235 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55236 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:55242 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:64738 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:52558 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.160.176.28:443 -> 192.168.11.20:52559 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52561 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52567 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.111.24.1:443 -> 192.168.11.20:52568 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52569 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52570 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52571 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52573 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52576 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52578 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52579 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52581 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52583 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52584 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52585 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52586 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52588 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52590 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52591 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52592 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 40.119.46.46:443 -> 192.168.11.20:52593 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52596 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 34.117.223.223:443 -> 192.168.11.20:52598 version: TLS 1.2

          Spam, unwanted Advertisements and Ransom Demands

          barindex
          Reads the Security eventlog
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\PowerShell
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
          Reads the System eventlog
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeKey opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess Stats: CPU usage > 6%
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089DF0A GetCurrentProcessId,CreateFileW,GetLastError,Sleep,GetLastError,WriteFile,WriteFile,WriteFile,WriteFile,GetFileSizeEx,NtSetInformationFile,OutputDebugStringW,CloseHandle,10_2_0089DF0A
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C13F0: GetSystemDirectoryW,GetLastError,GetVolumePathNameW,GetLastError,GetVolumeNameForVolumeMountPointW,GetLastError,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,10_2_008C13F0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A1989 CreateProcessW,CreateEnvironmentBlock,CreateProcessAsUserW,GetLastError,WaitForSingleObject,GetExitCodeProcess,DestroyEnvironmentBlock,CloseHandle,CloseHandle,CloseHandle,10_2_008A1989
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Windows\Tasks\CCleanerCrashReporting.jobJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Windows\INF\ks.PNF
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\200c82ed1ee77ed5a9052ffc717b2b8042df2af9
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\a9a7360a9b569c132f23f73e069a082215e3a86b
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\a9a7360a9b569c132f23f73e069a082215e3a86b\content.phf
          Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\200c82ed1ee77ed5a9052ffc717b2b8042df2af9\content.phf
          Source: C:\Windows\System32\svchost.exeFile deleted: C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\a9a7360a9b569c132f23f73e069a082215e3a86b\content.phf
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0088308010_2_00883080
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C809010_2_008C8090
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BD04010_2_008BD040
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008901B210_2_008901B2
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C729010_2_008C7290
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089138E10_2_0089138E
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008873A010_2_008873A0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C23C010_2_008C23C0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008EE3E910_2_008EE3E9
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089433010_2_00894330
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008CA35010_2_008CA350
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089248810_2_00892488
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C84D010_2_008C84D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BE46010_2_008BE460
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BF5F010_2_008BF5F0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008EF6AA10_2_008EF6AA
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008E87D010_2_008E87D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008E67E810_2_008E67E8
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BF70D10_2_008BF70D
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BB8D010_2_008BB8D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008CC8D010_2_008CC8D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008CB83010_2_008CB830
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0088F84410_2_0088F844
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008DB86A10_2_008DB86A
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008CC9C010_2_008CC9C0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0088DAA510_2_0088DAA5
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008B8AC010_2_008B8AC0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C7AC010_2_008C7AC0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008DBBB210_2_008DBBB2
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F4C7710_2_008F4C77
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008C7D4010_2_008C7D40
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008ACEFB10_2_008ACEFB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00890E6510_2_00890E65
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008B3FAB10_2_008B3FAB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F6FC910_2_008F6FC9
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008DBF1710_2_008DBF17
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C23C011_2_008C23C0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008BB8D011_2_008BB8D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008B8AC011_2_008B8AC0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008B3FAB11_2_008B3FAB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0088308011_2_00883080
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C809011_2_008C8090
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008BD04011_2_008BD040
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008901B211_2_008901B2
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C729011_2_008C7290
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0089138E11_2_0089138E
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008873A011_2_008873A0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008EE3E911_2_008EE3E9
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0089433011_2_00894330
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008CA35011_2_008CA350
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0089248811_2_00892488
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C84D011_2_008C84D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008BE46011_2_008BE460
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008BF5F011_2_008BF5F0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008EF6AA11_2_008EF6AA
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008E87D011_2_008E87D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008E67E811_2_008E67E8
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008BF70D11_2_008BF70D
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008CC8D011_2_008CC8D0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008CB83011_2_008CB830
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0088F84411_2_0088F844
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008DB86A11_2_008DB86A
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008CC9C011_2_008CC9C0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_0088DAA511_2_0088DAA5
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C7AC011_2_008C7AC0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008DBBB211_2_008DBBB2
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008C7D4011_2_008C7D40
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008ACEFB11_2_008ACEFB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_00890E6511_2_00890E65
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008DBF1711_2_008DBF17
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008D4305 appears 82 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008DD493 appears 81 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 0089DEFB appears 200 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008EA3D9 appears 37 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 0089E3A4 appears 94 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008D4630 appears 115 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008D42D2 appears 274 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008ED776 appears 40 times
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: String function: 008D433B appears 34 times
          Source: lang-1038.dll.0.drStatic PE information: Resource name: RT_STRING type: basic-16 executable not stripped
          Source: lang-1043.dll.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
          Source: lang-1043.dll.0.drStatic PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
          Source: lang-1045.dll.0.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
          Source: lang-1048.dll.0.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
          Source: lang-1050.dll.0.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
          Source: lang-1053.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1055.dll.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
          Source: lang-1056.dll.0.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
          Source: lang-1057.dll.0.drStatic PE information: Resource name: RT_STRING type: 370 sysV pure executable not stripped
          Source: lang-1057.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
          Source: lang-1057.dll.0.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
          Source: lang-1058.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
          Source: lang-1026.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
          Source: lang-1026.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1032.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1032.dll.0.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
          Source: lang-1032.dll.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
          Source: lang-1034.dll.0.drStatic PE information: Resource name: RT_STRING type: 0420 Alliant virtual executable not stripped
          Source: lang-1060.dll.0.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable small model (COFF) not stripped
          Source: lang-1060.dll.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 separate I&D executable not stripped
          Source: lang-1063.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1063.dll.0.drStatic PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
          Source: lang-1063.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1065.dll.0.drStatic PE information: Resource name: RT_STRING type: x86 executable (TV) not stripped
          Source: lang-1065.dll.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
          Source: lang-1066.dll.0.drStatic PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
          Source: lang-1036.dll.0.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-III ECOFF executable not stripped - version 0.109
          Source: lang-1036.dll.0.drStatic PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
          Source: lang-1038.dll0.0.drStatic PE information: Resource name: RT_STRING type: basic-16 executable not stripped
          Source: lang-1043.dll0.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 pure executable not stripped
          Source: lang-1043.dll0.0.drStatic PE information: Resource name: RT_STRING type: 0421 Alliant compact executable not stripped
          Source: lang-1045.dll0.0.drStatic PE information: Resource name: RT_STRING type: 370 XA sysV executable not stripped
          Source: lang-1081.dll.0.drStatic PE information: Resource name: RT_STRING type: x86 executable not stripped
          Source: lang-1081.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM)
          Source: lang-1086.dll.0.drStatic PE information: Resource name: RT_STRING type: MIPSEB-LE MIPS-II ECOFF executable not stripped - version 0.108
          Source: lang-1093.dll.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1048.dll0.0.drStatic PE information: Resource name: RT_STRING type: VAX-order2 68k Blit mpx/mux executable
          Source: lang-1050.dll0.0.drStatic PE information: Resource name: RT_STRING type: iAPX 286 executable large model (COFF) not stripped
          Source: lang-1053.dll0.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
          Source: lang-1050.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1041.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1056.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1035.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1038.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1053.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1044.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1026.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1050.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1081.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1090.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1032.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1093.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1042.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1087.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1063.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1092.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1034.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1049.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1040.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1028.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1086.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1040.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1109.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1053.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1057.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1046.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1062.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1045.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1051.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1043.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1068.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1027.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1110.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1079.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1041.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1052.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1104.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1067.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1058.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1055.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1052.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1044.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1043.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1046.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1049.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1061.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1060.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1031.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1037.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1066.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1054.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1025.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1048.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1038.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1029.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1045.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1036.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1051.dll0.0.drStatic PE information: No import functions for PE file found
          Source: lang-1071.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1102.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1030.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1065.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1042.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1059.dll.0.drStatic PE information: No import functions for PE file found
          Source: lang-1048.dll0.0.drStatic PE information: No import functions for PE file found
          Source: ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameButtonEvent.dllR vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepfUI.dll* vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameAvastAdSDK_Release Static.dll@ vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameButtonEvent.dllR vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k\//\Unable to open directory '{}' for writing!Unable to create directory '{}'!..\*Unable to expand %TEMP% environment variable!%TEMP%Unable to expand %TMP{} environment variable!%TMP%.sys{}\{}{:016x}.{}Unable to retrieve the system drive letter!\TempUnable to make a .sys copyaswtmpCannot query a .sys file version from PPL process '{}'VerQueryValueW signature is invalidVerQueryValueWGetFileVersionInfoWGetFileVersionInfoSizeWget_version: '{}'FileVersionFileDescriptionCompanyNameOriginalFilenameProductIdFailed to get file write time '{}'Unable to get file size!.exe.dllset_file_contentset_file_content '{}'NtOpenFile\??\nocase::compare right nullparamnocase::compare left nullparaminvalid string_view positionNtQueryInformationProcess Unable to create file mapping!Unable to create mapping view!Unable to map a view outside of the file mapping!Unable to map a view of uninitialized mapping!settings.iniavast5.iniPlaceholderBrandShortNameUnable to determine legacy product enumeration from product identifier!Invalid product id!Unable to convert module "{}" to product enum.pappamfoundationatrksuitefamilysqcccclclearsbbgbsduicarusavav-vpsvpntuPiriformAviraNortonPlaceholderBrandCompanyPlaceholderBrandAvast SoftwareAVGPrivaxprivaxpiriformaviranortonavastavgblockdebug{{{}}} {}warningnoticefnctioninfoevent formatting failed[{}] [{:7}] [{:11}] [{:5}:{:5}] [{:6}:{:4}] {}fatalthread{:04}-{:02}-{:02} {:02}:{:02}:{:02}.{:03}FTimeToSysTime fail vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000003.7435901036.0000000005BD0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameccleaner.exe2 vs ccsetup624.exe
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000004008000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameccleaner.exe2 vs ccsetup624.exe
          Source: ccsetup624.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: classification engineClassification label: mal40.spyw.evad.winEXE@55/252@77/34
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A18BA GetCurrentThread,OpenThreadToken,OpenThreadToken,GetLastError,GetLastError,ImpersonateSelf,GetLastError,OpenThreadToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,10_2_008A18BA
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A3B74 VariantInit,CoCreateInstance,VariantClear,VariantClear,CoCreateInstance,10_2_008A3B74
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00889BC1 LoadResource,LockResource,SizeofResource,10_2_00889BC1
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A1C09 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatusEx,ControlService,ControlService,Sleep,QueryServiceStatus,OpenProcess,TerminateProcess,CloseHandle,Sleep,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,10_2_008A1C09
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleanerJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-walJump to behavior
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8960:120:WilError_03
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTraySingleIcon
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Monitoring
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_MainInstance
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeMutant created: \Sessions\1\BaseNamedObjects\Global\AvastBugReport-F44FD5F2-ED43-485f-8A66-041B81E21AC2
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_PreventSecondInstance
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:304:WilStaging_02
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_Checking_for_Updates
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayMonitorIconActive
          Source: C:\Program Files\CCleaner\CCUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Global\CCleanerSetupMutex
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8960:304:WilStaging_02
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5064:120:WilError_03
          Source: C:\Program Files\CCleaner\CCleaner64.exeMutant created: \Sessions\1\BaseNamedObjects\Piriform_CCleaner_SystemTrayIconActive
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nsx92D7.tmpJump to behavior
          Source: ccsetup624.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\ccsetup624.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select name,processid,commandline,executablepath from win32_process
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecNotificationQuery - root\cimv2 : SELECT ProcessID FROM Win32_ProcessTrace WHERE __CLASS = 'Win32_ProcessStartTrace' OR __CLASS = 'Win32_ProcessStopTrace'
          Source: C:\Users\user\Desktop\ccsetup624.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
          Source: CCUpdate.exeString found in binary or memory: /installer
          Source: C:\Users\user\Desktop\ccsetup624.exeFile read: C:\Users\user\Desktop\ccsetup624.exeJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\ccsetup624.exe "C:\Users\user\Desktop\ccsetup624.exe"
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /reg
          Source: unknownProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe"
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll"
          Source: unknownProcess created: C:\Program Files\CCleaner\CCleanerBugReport.exe "C:\Program Files\CCleaner\CCleanerBugReport.exe" --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5c75d985-5a4f-4231-b996-70bdb906d557" --version "6.24.11060" --silent
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
          Source: unknownProcess created: C:\Windows\System32\wbem\unsecapp.exe C:\Windows\system32\wbem\unsecapp.exe -Embedding
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe"
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,9984978765859357333,6736122754470887956,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=5804
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: unknownProcess created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe "C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
          Source: unknownProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
          Source: unknownProcess created: C:\Program Files\CCleaner\CCleaner.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
          Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s SmsRouter
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /regJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll"Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" 0
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe --pid=5804
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,9984978765859357333,6736122754470887956,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dwmapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: shfolder.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: textinputframework.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: coreuicomponents.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: coremessaging.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: msimg32.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: webio.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: netapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: esent.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: samcli.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: atlthunk.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ieframe.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: wkscli.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dataexchange.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: d3d11.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dcomp.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: twinapi.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: rstrtmgr.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: riched20.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: usp10.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: msls31.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: linkinfo.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: ntshrui.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: cscapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: edputil.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: windows.staterepositoryps.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: appresolver.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: bcp47langs.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: slc.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: sppc.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: onecorecommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: windows.shell.servicehostbuilder.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: mlang.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: policymanager.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSection loaded: msvcp110_win.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: capabilityaccessmanager.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: capabilityaccessmanagerclient.dllJump to behavior
          Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dxgi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbghelp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winmm.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: oleacc.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: usp10.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windowscodecs.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbgcore.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mstask.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mpr.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: webio.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: propsys.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: resourcepolicyclient.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: webio.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: version.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wtsapi32.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: powrprof.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: edgegdi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: umpdc.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: taskschd.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: xmllite.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: version.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wininet.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winhttp.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cabinet.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dnsapi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: userenv.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wtsapi32.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: powrprof.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: edgegdi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: umpdc.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: webio.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mswsock.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: winnsi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: sspicli.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: fwpuclnt.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rasadhlp.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: schannel.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: mskeyprotect.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ntasn1.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncrypt.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ncryptsslp.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: msasn1.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptsp.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: rsaenh.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: cryptbase.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: gpapi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dpapi.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: dhcpcsvc.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: windows.storage.dll
          Source: C:\Program Files\CCleaner\CCUpdate.exeSection loaded: wldp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: wtsapi32.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: powrprof.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: winhttp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: version.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: edgegdi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: umpdc.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: cryptbase.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: dbghelp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: dbgcore.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: cryptsp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: rsaenh.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: windows.storage.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: wldp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: profapi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: webio.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: mswsock.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: winnsi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: sspicli.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: dnsapi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: rasadhlp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: fwpuclnt.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: schannel.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: mskeyprotect.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: ntasn1.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: ncrypt.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: ncryptsslp.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: msasn1.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: gpapi.dll
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSection loaded: dpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: dnsapi.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: winhttp.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: userenv.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: powrprof.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: dxgi.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: dbghelp.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: winmm.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: secur32.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: urlmon.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: oleacc.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: usp10.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: iertutil.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: srvcli.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: netutils.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: cryptbase.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: sspicli.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: edgegdi.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: umpdc.dll
          Source: C:\Program Files\CCleaner\CCleaner.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: userenv.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: powrprof.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dxgi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbghelp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winmm.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: secur32.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: urlmon.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: oleacc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: usp10.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dnsapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winhttp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iertutil.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: srvcli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netutils.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptbase.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: sspicli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: edgegdi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: umpdc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: uxtheme.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windowscodecs.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: taskschd.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbgcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mstask.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mpr.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: version.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptsp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rsaenh.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windows.storage.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wldp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: profapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: atlthunk.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: webio.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mswsock.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winnsi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wtsapi32.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winsta.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: d2d1.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dwrite.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dwmapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rasadhlp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: fwpuclnt.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dataexchange.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: d3d11.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dcomp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: twinapi.appcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: textshaping.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wscapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netprofm.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: npmproxy.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: newdev.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: devobj.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: devrtl.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: resourcepolicyclient.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncrypt.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ntasn1.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dxcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ntmarta.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wbemcomn.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: amsi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dhcpcsvc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: xmllite.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: schannel.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: textinputframework.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: coreuicomponents.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: coremessaging.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wintypes.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wintypes.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wintypes.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: appresolver.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: bcp47langs.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: slc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: sppc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: propsys.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: linkinfo.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ntshrui.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cscapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: policymanager.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msvcp110_win.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: taskflowdataengine.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cdp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dsreg.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mskeyprotect.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ncryptsslp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msasn1.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: gpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rstrtmgr.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: esent.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msimg32.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: libwaheap.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: libwautils.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: mpr.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: authz.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netapi32.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: samcli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: logoncli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: edputil.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windows.staterepositoryps.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: onecoreuapcommonproxystub.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dsparse.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: explorerframe.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: wininet.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: apphelp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rstrtmgr.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rstrtmgr.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: drvstore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: spinf.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: spfileq.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: msports.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rtkcoldr64.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rcoinstii64.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: rcoinstii64.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: edgegdi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dosvc.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: logoncli.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: wmiclnt.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: wbemcomn.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: storageusage.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: wer.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: netapi32.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dsreg.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: windows.web.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: userenv.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: powrprof.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dxgi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dbghelp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winmm.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: secur32.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: urlmon.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: oleacc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: usp10.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: dnsapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: winhttp.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iertutil.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: srvcli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: netutils.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: cryptbase.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: sspicli.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: edgegdi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: umpdc.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: iphlpapi.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: kernel.appcore.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: uxtheme.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\Desktop\ccsetup624.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeFile written: C:\Program Files\CCleaner\Setup\853f33e8-7d58-420f-bf5d-8f7f56e9f9d4.iniJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeAutomated click: Install
          Source: C:\Users\user\Desktop\ccsetup624.exeAutomated click: OK
          Source: C:\Users\user\Desktop\ccsetup624.exeAutomated click: OK
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Program Files\CCleaner\CCleaner64.exeWindow detected: Number of UI elements: 13
          Source: C:\Program Files\CCleaner\CCleaner64.exeWindow detected: Number of UI elements: 13
          Source: C:\Program Files\CCleaner\CCleaner64.exeWindow detected: Number of UI elements: 13
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleanerJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleaner.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleaner64.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCUpdate.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\LangJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1025.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1026.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1027.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1028.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1029.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1030.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1031.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1032.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1034.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1035.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1036.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1037.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1038.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1040.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1041.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1042.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1043.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1044.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1045.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1046.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1048.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1049.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1050.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1051.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1052.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1053.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1054.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1055.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1056.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1057.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1058.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1059.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1060.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1061.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1062.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1063.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1065.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1066.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1067.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1068.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1079.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1071.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1081.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1086.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1087.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1090.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1092.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1093.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1102.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1104.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1109.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1110.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-1155.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2052.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2070.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-2074.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-3098.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-5146.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\Lang\lang-9999.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerDU.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaheap.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwalocal.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwaresource.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwautils.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\libwavmodapi.dllJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerBugReport.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\CCleanerReactivator.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exeJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDirectory created: C:\Program Files\CCleaner\uninst.exeJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOGJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Setup\config.defJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\853f33e8-7d58-420f-bf5d-8f7f56e9f9d4.iniJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dllJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDirectory created: C:\Program Files\CCleaner\Setup\63748cba-e338-4416-be16-706152c97125.xmlJump to behavior
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDirectory created: C:\Program Files\CCleaner\log\BugReport.log.tmp.2007bd58-c3be-44a2-9167-96084d257b0c
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDirectory created: C:\Program Files\CCleaner\log\BugReport.status
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log.tmp.c01d7b4c-98f7-4af6-a5c4-744eb5314610
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdEng.log.tmp.4927514b-1d2e-48d7-870b-e36937b3c7f0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log.tmp.7b3a1f05-e63f-4567-aff7-e7586967b71b
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\journal
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\log
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\report
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\chest
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\moved
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\fw
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\event_manager.log.tmp.a71b6340-95af-4f1d-b416-e1c043d0af4b
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\usercfg.ini
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\BackupStorage
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\a9bc366c-b65c-4916-986c-1b8f5527fd80
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_controller.log.tmp.8d33715d-81ec-4dd3-aeeb-5389f834a4a8
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_telemetry.log.tmp.ece4a2de-5ce0-4527-be1c-19f20fd5c898
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\825E3DD4-926B-4EB9-A66E-9F88AAD28A0F
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\d9420f54-15f3-493a-8ecd-482380edd479
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\su_adapter.log.tmp.07f7c365-aa43-494f-b587-6f53e0f9a850
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\state_cache.json.{5D730CDA-315C-40BC-918E-17D18B6ED9E7}
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\fe87aadb-4427-48bb-b4b1-2e2bcc521634
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\DUState.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-05-26 12-45-08-542.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V23_4.dat
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleaner64.exeDirectory created: C:\Program Files\CCleaner\gcapi_dll.dll
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDirectory created: C:\Program Files\CCleaner\LOG\pd.log.tmp.9748da04-3208-429e-9370-b1d805662b00
          Source: ccsetup624.exeStatic PE information: certificate valid
          Source: ccsetup624.exeStatic file information: File size 83689152 > 1048576
          Source: ccsetup624.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: gcapi_dll.dll.pdb| source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: C:\BUILD\work\1878ef5ed829e50b\bin\CCleaner\Release Static\x64\CCleaner64.pdb source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmp
          Source: Binary string: C:\BUILD\work\848d668bab18d6e2\bin_x86\v143\Release Static\neutral\pfUI_link.pdb source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\BUILD\work\3ec84b7238d5b18a\BUILDS\Release\x86\AvastAdSDK_Release Static.pdb source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\BUILD\work\848d668bab18d6e2\bin_x86\v143\Release Static\neutral\pfUI_link.pdb# source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: gcapi_dll.dll.pdb source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmp
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A1750 GetSystemDirectoryW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,10_2_008A1750
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_3_04382F21 push eax; retf 0_3_04382F25
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_3_0437F714 push esi; ret 0_3_0437F76C
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_3_042EFB62 push FFFFFFD8h; ret 0_3_042EFB75
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D42A0 push ecx; ret 10_2_008D42B3
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008FA90B push ecx; ret 10_2_008FA920
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008D42A0 push ecx; ret 11_2_008D42B3
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD03A push 30025683h; iretd 14_3_072CD081
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD03A push 30025683h; iretd 14_3_072CD081
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD03A push 30025683h; iretd 14_3_072CD081
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD03A push 30025683h; iretd 14_3_072CD081
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD03A push 30025683h; iretd 14_3_072CD081
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072D1E00 push eax; iretd 14_3_072D1E01
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072D1E00 push eax; iretd 14_3_072D1E01
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072D1E00 push eax; iretd 14_3_072D1E01
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072D1E00 push eax; iretd 14_3_072D1E01
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072D1E00 push eax; iretd 14_3_072D1E01
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD012 push 30025687h; iretd 14_3_072CD029
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD012 push 30025687h; iretd 14_3_072CD029
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD012 push 30025687h; iretd 14_3_072CD029
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD012 push 30025687h; iretd 14_3_072CD029
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD012 push 30025687h; iretd 14_3_072CD029
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD0AC push 30072758h; iretd 14_3_072CD0B1
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD0AC push 30072758h; iretd 14_3_072CD0B1
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD0AC push 30072758h; iretd 14_3_072CD0B1
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD0AC push 30072758h; iretd 14_3_072CD0B1
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD0AC push 30072758h; iretd 14_3_072CD0B1
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD082 push 30025682h; iretd 14_3_072CD091
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD082 push 30025682h; iretd 14_3_072CD091
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD082 push 30025682h; iretd 14_3_072CD091
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD082 push 30025682h; iretd 14_3_072CD091
          Source: C:\Program Files\CCleaner\CCleaner.exeCode function: 14_3_072CD082 push 30025682h; iretd 14_3_072CD091

          Persistence and Installation Behavior

          barindex
          Contains functionality to infect the boot sector
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C1760
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C19E0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C1D00
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-3098.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCUpdate.exeFile created: C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1027.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\pfBL.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1035.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1061.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleaner64.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1043.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1081.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1055.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1065.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\UserInfo.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1045.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1030.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwaheap.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\uninst.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1053.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-5146.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1025.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1071.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1049.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1053.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Program Files\CCleaner\gcapi_dll.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1040.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1041.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1104.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1071.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1037.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1086.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1037.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-3098.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1067.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1068.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1055.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1042.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1057.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsProcess.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1065.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1025.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1068.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1048.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1155.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1035.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-2052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-5146.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1031.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwalocal.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\g\gcapi_dll.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1063.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1046.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1050.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1031.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1061.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1155.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1087.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1057.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1044.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerBugReport.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1027.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1093.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1029.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1059.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1046.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwaapi.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Program Files\CCleaner\gcapi_17167274745116.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1063.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1029.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1050.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1059.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1093.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCUpdate.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerReactivator.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1087.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1044.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\wa_3rd_party_host_64.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1036.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1060.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1038.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1028.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwavmodapi.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwaresource.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-9999.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1090.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1026.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2070.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1062.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1102.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1048.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsDialogs.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1110.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1079.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1056.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1066.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1038.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\ServiceUninstaller.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1079.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1036.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-2074.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1054.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Program Files\CCleaner\gcapi_17167274625804.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\INetC.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1067.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1110.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1042.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\libwautils.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-9999.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1104.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1090.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1041.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1054.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1049.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1034.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2074.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1051.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1030.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ButtonEvent.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1058.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1056.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\a\asdk.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Program Files\CCleaner\gcapi_17167274765172.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1032.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1086.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1102.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1060.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1066.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1026.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1043.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1092.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1040.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\pfUI.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-2070.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1092.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1109.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1051.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerReactivator.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1034.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1062.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleanerDU.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\CCleaner.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1032.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1045.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1058.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1081.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Program Files\CCleaner\Lang\lang-1028.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1109.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089BA23 GetCommandLineW,GetSystemTime,GetDateFormatW,GetTimeFormatW,GetVersionExW,GetLastError,GetNativeSystemInfo,CallNtPowerInformation,GlobalMemoryStatusEx,GetCurrentProcess,GetSystemDirectoryW,GetLastError,LoadLibraryW,GetProcAddress,FreeLibrary,GetSystemWow64DirectoryW,GetModuleFileNameW,GetFileAttributesExW,GetPrivateProfileStringW,GetPrivateProfileSectionW,CreateDirectoryW,GetTempPathW,GetCurrentDirectoryW,10_2_0089BA23

          Boot Survival

          barindex
          Contains functionality to infect the boot sector
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: GetVersion,CreateFileW,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C1760
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C19E0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: CreateFileW,GetLastError,DeviceIoControl,GetLastError,DeviceIoControl,GetLastError,CloseHandle, \\.\PhysicalDrive%u10_2_008C1D00
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile created: C:\Windows\Tasks\CCleanerCrashReporting.jobJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgrJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleanerJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnkJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeFile created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.urlJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A1C09 OpenSCManagerW,GetLastError,OpenServiceW,GetLastError,QueryServiceStatus,QueryServiceStatusEx,ControlService,ControlService,Sleep,QueryServiceStatus,OpenProcess,TerminateProcess,CloseHandle,Sleep,StartServiceW,CloseServiceHandle,CloseServiceHandle,CloseServiceHandle,10_2_008A1C09
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key monitored for changes: HKEY_CURRENT_USER\SOFTWARE
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCUpdate.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: 0000000F.00000003.7317546900.000001F7D525B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000003.7319185688.000001F7D5CB6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000003.7318267290.000001F7D5B04000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000F.00000003.7317890417.000001F7D59E5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Program Files\CCleaner\CCUpdate.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcessgraph_11-49852
          Query firmware table information (likely to detect VMs)
          Source: C:\Users\user\Desktop\ccsetup624.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSystem information queried: FirmwareTableInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCUpdate.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeSystem information queried: FirmwareTableInformation
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeMemory allocated: 4F90000 memory reserve | memory write watch
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeMemory allocated: 61B0000 memory reserve | memory write watch
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeMemory allocated: 4F90000 memory reserve | memory write watch
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files\VMware\VMware Horizon View Client
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware Player
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files\VMware\VMware Workstation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files\Hyper-V\
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files\VMware\VMware Player
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware Horizon View Client
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened / queried: C:\Program Files (x86)\VMware\VMware Workstation
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_3_042F1000 sldt word ptr [eax+00000000h]0_3_042F1000
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeThread delayed: delay time: 922337203685477
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeThread delayed: delay time: 900000
          Source: C:\Program Files\CCleaner\CCleaner64.exeWindow / User API: threadDelayed 9596
          Source: C:\Program Files\CCleaner\CCleaner64.exeWindow / User API: threadDelayed 626
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeWindow / User API: threadDelayed 1977
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-3098.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCUpdate.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1027.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\pfBL.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1061.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1035.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1043.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1081.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1055.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1065.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\UserInfo.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1045.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1030.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\uninst.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1053.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-5146.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1025.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1071.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1049.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeDropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_dll.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1053.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1040.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1041.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1104.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1071.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1037.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1086.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1037.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-3098.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1067.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1068.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1055.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1057.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1042.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsProcess.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1065.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1025.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1068.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1155.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1048.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1035.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-5146.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1031.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\libwalocal.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\g\gcapi_dll.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1063.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1050.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1031.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1046.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1061.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1155.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1087.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1057.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1044.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1027.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1093.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1029.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1059.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\libwaapi.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1046.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeDropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17167274745116.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1029.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1063.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1059.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1050.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1093.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1087.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1044.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1052.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\wa_3rd_party_host_64.exeJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1036.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1060.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1038.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1028.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\libwavmodapi.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\libwaresource.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-9999.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1090.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2070.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1026.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1062.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1102.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1048.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsDialogs.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1079.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1110.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1056.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1038.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1066.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\ServiceUninstaller.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1079.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1036.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2074.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeDropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17167274625804.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1054.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\INetC.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1067.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1110.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1042.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-9999.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1104.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1090.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1041.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1054.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1049.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1034.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2074.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1051.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ButtonEvent.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1030.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1058.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1056.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCleaner64.exeDropped PE file which has not been started: C:\Program Files\CCleaner\gcapi_17167274765172.dll (copy)Jump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\a\asdk.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1032.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1086.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1102.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1060.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1066.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1026.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1092.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1043.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1040.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\pfUI.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-2070.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1092.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1109.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1051.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerReactivator.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1034.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1062.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\CCleanerDU.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1032.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1045.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1058.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1081.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Program Files\CCleaner\Lang\lang-1028.dllJump to dropped file
          Source: C:\Users\user\Desktop\ccsetup624.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1109.dllJump to dropped file
          Source: C:\Program Files\CCleaner\CCUpdate.exeEvasive API call chain: RegQueryValue,DecisionNodes,ExitProcessgraph_11-49358
          Source: C:\Program Files\CCleaner\CCUpdate.exeEvasive API call chain: RegOpenKey,DecisionNodes,ExitProcessgraph_11-49990
          Source: C:\Program Files\CCleaner\CCUpdate.exeAPI coverage: 2.0 %
          Source: C:\Users\user\Desktop\ccsetup624.exe TID: 8520Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exe TID: 8520Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 8732Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6832Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 6832Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exe TID: 8896Thread sleep time: -30000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exe TID: 8912Thread sleep time: -30000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7768Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\System32\svchost.exe TID: 4328Thread sleep time: -60000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 5008Thread sleep time: -60000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 1600Thread sleep time: -240000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 1600Thread sleep time: -9596000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 1372Thread sleep time: -60000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 9568Thread sleep count: 218 > 30
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 9568Thread sleep count: 626 > 30
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7904Thread sleep count: 1977 > 30
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7148Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exe TID: 7148Thread sleep time: -900000s >= -30000s
          Source: C:\Program Files\CCleaner\CCleaner64.exe TID: 7068Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\System32\svchost.exe TID: 9376Thread sleep time: -30000s >= -30000s
          Source: C:\Users\user\Desktop\ccsetup624.exeFile opened: PhysicalDrive0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
          Source: C:\Users\user\Desktop\ccsetup624.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
          Source: C:\Users\user\Desktop\ccsetup624.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,SMBIOSBIOSVersion,IdentificationCode,SerialNumber,ReleaseDate,Version FROM Win32_BIOS
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Model,Manufacturer,Name,SerialNumber FROM Win32_BaseBoard
          Source: C:\Windows\System32\svchost.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer, Product FROM Win32_BaseBoard
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select UUID from win32_computersystemproduct
          Source: C:\Users\user\Desktop\ccsetup624.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Program Files\CCleaner\CCleaner64.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UniqueId,ProcessorId,Name,Manufacturer FROM Win32_Processor
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00897F2F GetSystemTime followed by cmp: cmp esi, 06h and CTI: je 0089808Fh10_2_00897F2F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00897F2F GetSystemTime followed by cmp: cmp esi, 05h and CTI: je 0089808Fh10_2_00897F2F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00897F2F GetSystemTime followed by cmp: cmp esi, 04h and CTI: je 0089808Fh10_2_00897F2F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00897F2F GetSystemTime followed by cmp: cmp esi, 03h and CTI: je 0089808Fh10_2_00897F2F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_00897F2F GetSystemTime followed by cmp: cmp esi, 02h and CTI: je 0089808Fh10_2_00897F2F
          Source: C:\Users\user\Desktop\ccsetup624.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile Volume queried: C:\ FullSizeInformation
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008B00EB FindFirstFileW,GetFileAttributesW,FindNextFileW,FindClose,10_2_008B00EB
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F35B1 FindFirstFileExW,10_2_008F35B1
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089ECE0 FindFirstFileW,SetFileAttributesW,DeleteFileW,GetLastError,Sleep,FindNextFileW,SetFileAttributesW,RemoveDirectoryW,GetLastError,FindClose,10_2_0089ECE0
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BE8F0 GetSystemInfo,GetVersionExW,GetVersionExW,GetModuleHandleW,GetProcAddress,10_2_008BE8F0
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeThread delayed: delay time: 922337203685477
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeThread delayed: delay time: 900000
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cookies
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey4=%LocalAppData%\VMware|*.log
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: onPasteKeyonUserNameonLicenseKeyisPreviousAvailablegetKeyboardLanguageonManageSubscriptiononActivateNewKeyonAlphaUserInfoonBackToCCleanerSetLicenseKeySetUserNameconfirmEnablePasterequestactivatemessagetracknameEmailSurnameCOptionsLicenseSciterCtrl: the license key couldn't be pasted - no key on the clipboardCompanyNamesetManageLicenseContextCOptionsLicenseSciterCtrl::onPasteKeyfile://ManageLicense.htmlicenseKeyfile://LicenseAlphaUserInfo.htmfile://LicenseRegistered.htmfile://LicenseKeyActivation.htmfile://LicenseUserInfo.htmStartWaitingStopWaitingLicenseKey_ManageSubscriptionsubscriptionManagementdataUpdatedexpiryDateautoExtensionlicenseTypedaysLeftAnchor Color VisitedAnchor ColorSoftware\Microsoft\Internet Explorer\Settingsstatictooltips_class32<A></A>Tahoma1REQUEST_EVENTS_WINDOW_MESSAGECOMBOBOXPrefsPrivacyShowOffers1stPartyHelp improve CCleanerPrefsPrivacyShowOffers3rdPartyShowOffers3rdPartyuntickOptions/PrivacyShowOffers1stPartytickenable automatic updates/MONITORenable new version notificationOptions/UpdatesCCleaner Smart Cleaning%s%s%s%s%s%s%sVMware Horizon ClientSoftware\Piriform\CCleanerTaskbarSetProgressStateTaskbarSetProgressValueconfig.def)(ignorecommandprogramIDError: CCleaner::DbgLogger::Log[Named Pipes] Trace: Debug: Warning: Info: [CrashSupport] Initialize Crash HandlerProgramFolderPiriform::CrashSupport::InitializeCrashHandlerDumpReportingDataFolderSetuptemp.defException occured when creating config.def file Piriform::CrashSupport::UpdateConfigFileCreate config.def file under with [common] values from Shepherd[common]Piriform::CrashSupport::CreateConfigFileCreate LOG subfolderException while creating new directory--product 90 --send dumps|reportGet crash config from config.def fileException while checking if config folder existsException occured when writing to a config file
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ActionLauncher.exeRECURSEREMOVESELFNoxVMHandle.exevideopad.exeTeraBox.exepostbox.exeui32.exeiTopPDF.exeMultiPlayerManager.exeNoxVMSVC.exeOpenVPNConnect.exeNox.exeBlueJeans.exeBox.execalibre-parallel.exeBitComet.exerecorder.exeGoTo.exeBox Edit.exeBox Local Com Service.exenextcloud.exePlex HTPC.exeYouCam10.exeYouCamService10.exevmware-view.exevmwetlm.exevncviewer.exehorizon_client_service.exeCorel PaintShop Pro.exeGoodSync.execcsa.exeGoogleDriveFS.exePlex Media Server.exePlexScriptHost.exeCutePDFE.exeXmind.exewps.exeMessenger.exeCapCut.exeparfait_crash_handler.exeYouTubePlayer.UWP.exeZoom.exeCiscoCollabHost.exeDouyin.exeSkype.exerealplay.exeOneDrive.exeFileCoAuth.exeLINE.exeDb.App.exeresso.exeClipchamp.exeAPSDaemon.exesecd.exeApplePhotoStreams.exeAppleIEDAV.exeiCloud.exeTeams.exeAppleFirefoxHost.exeAppleMobileDeviceProcess.exeiCloudCKKS.exeiCloudServices.exeMicrosoft.Notes.exeiCloudPrefs.exeiCloudDrive.exeiCloudFirefox.exeiCloudIE.exeiCloudPhotos.exeDolbyAccess.exeprimevideo.exeWhatsApp.exeTodo.exeDiscord.exeMicrosoft.Photos.exeTelegram.exeAcrobat.exeslack.exeiTunes.exeAppleMobileDeviceService.exeAmazon Music.exeAmazon Music Helper.exea3yn
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey6=%LocalAppData%\Temp|VMware_Horizon_Client*.log
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869359437.0000000004039000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7461616307.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7185607741.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: [VMware Horizon Client]
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Horizon View Client
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey6=%ProgramFiles%\VMware\VMware Workstation\ico|*.ico
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey3=%ProgramData%\VMware\VDM\logs|*.*
          Source: ccsetup624.exe, 00000000.00000003.6853330442.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6869359437.0000000004039000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWd
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: ShowEdgePreloadingWarningShowActionCleanSuspendedWarningNoxVMSVC.exeNoxVMHandle.exeNox.exeMultiPlayerManager.exeShowVideoPadVideoEditorCleanSuspendedWarningActionLauncher.exeShowNoxplayerCleanSuspendedWarningvideopad.exeTeraBox.exeShowTeraBoxCleanSuspendedWarningiTopPDF.exeShowiTopPDFCleanSuspendedWarningOpenVPNConnect.exeShowOpenVPNConnectCleanSuspendedWarningpostbox.exeShowPostboxCleanSuspendedWarningrecorder.exeShowIcecreamScreenRecorderCleanSuspendedWarningBox Local Com Service.exeShowBoxEditCleanSuspendedWarningui32.exeShowWallpaperEngineCleanSuspendedWarningGoTo.exeShowGoToMeetingCleanSuspendedWarningShowBitCometCleanSuspendedWarningBlueJeans.exeShowCalibreCleanSuspendedWarningBitComet.exeShowBoxDriveCleanSuspendedWarningBox Edit.exeShowBlueJeansCleanSuspendedWarningBox.exeShowVNCViewerCleanSuspendedWarninghorizon_client_service.exeShowPlexHTPCCleanSuspendedWarningvncviewer.exeShowVMwareHorizonClientCleanSuspendedWarningcalibre-parallel.exevmware-view.exevmwetlm.exeYouCam10.exeYouCamService10.exePlexScriptHost.exeShowPlexMediaServerCleanSuspendedWarningShowNextcloudDesktopClientCleanSuspendedWarningPlex HTPC.exeShowCyberLinkYouCam10CleanSuspendedWarningnextcloud.exeShowGoodSyncCleanSuspendedWarningCutePDFE.exeShowCorelPaintShopProCleanSuspendedWarningGoodSync.exeShowXmindCleanSuspendedWarningPlex Media Server.exeShowCutePDFCleanSuspendedWarningXmind.exeZoom.exeShowZoomCleanSuspendedWarningYouTubePlayer.UWP.exeShoWYoutuPlayCleanSuspendedWarningShowGoogleDriveCleanSuspendedWarningCorel PaintShop Pro.execcsa.exeShowCodeCompareCleanSuspendedWarningMessenger.exeShowMessengerCleanSuspendedWarningwps.exeShowWPSOfficeCleanSuspendedWarningDouyin.exeShowDouyinCleanSuspendedWarningCiscoCollabHost.exeShowWebexCleanSuspendedWarningShowLineCleanSuspendedWarningDb.App.exeShowClipchampCleanSuspendedWarningLINE.exeparfait_crash_handler.exeShowCapCutCleanSuspendedWarningShowDrawboardPDFCleanSuspendedWarningCapCut.exeShowSkypeCleanSuspendedWarningrealplay.exeShowOneDriveCleanSuspendedWarningShowRessoCleanSuspendedWarningClipchamp.exeShowRealPlayerCleanSuspendedWarningresso.exeAppleMobileDeviceProcess.exeiCloud.exesecd.exeAppleFirefoxHost.exeShowTeamsCleanSuspendedWarningShowiCloudCleanSuspendedWarningTeams.exeiCloudPhotos.exeiCloudDrive.exeiCloudServices.exeiCloudIE.exeAppleIEDAV.exeAPSDaemon.exeiCloudFirefox.exeApplePhotoStreams.exeMicrosoft.Photos.exeShowMicrosoftPhotosCleanSuspendedWarningDiscord.exeShowDiscordCleanSuspendedWarningiCloudPrefs.exeiCloudCKKS.exeMicrosoft.Notes.exeShowMicrosoftStickyNotesCleanSuspendedWarningDolbyAccess.exeShowDolbyAccessCleanSuspendedWarningShowWhatsAppCleanSuspendedWarningShowMicrosoftToDoCleanSuspendedWarningAcrobat.exeShowAdobeAcrobatReaderCleanSuspendedWarningTelegram.exeShowTelegramCleanSuspendedWarningShowAmazonPrimeCleanSuspendedWarningShowSlackCleanSuspendedWarningShowItunesCleanSuspendedWarningShowAmazonMusicCleanSuspendedWarningShowAVGBrowserCleanSuspendedWarningShowNortonBrowserCleanSuspendedWarningShowOperaGXClea
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: license-typelicense-devicesaff-id*java se development kit**python*%02d%d%den-ww*microsoft r client**microsoft azure**winscp**xamarin**mysql connector c++**visual c++ for mobile development**cronos**bkchem*Internet SecurityTotal SecurityFull8install-timeflagsAntivirus FreeAntivirus Plusis-triallicense-remaining-dayslicense-total-daysexpiration-timeproduct-codeverboseis-freeis-expired*modellus**songsmith**version imagen**scilab**eqtabla**alice application**pilas-engine**fusioninventory**prerequisites for ssdt**mysql**git version**jetbrains*unity**winpcap**android studio**node.js**trafico de fauna**cmake**dev-c++**microsoft visual c++ build tools**kokori**e-reader**gnu privacy guard**mm7270**khi3**forcepad**labcam**ginga.ar**avidemux**gapminder**microsoft emulator**maxima**vmware**microsoft sql server management studio**iis express application compatibility database**iis * express**windows software development kit**microsoft sql server * management objects**microsoft .net framework * multi-targeting pack**microsoft system clr types for sql server**microsoft visual studio * shell**microsoft sql server * express localdb**microsoft sql server * transact-sql scriptdom**notepad++**pgadmin**postgres**putty**intel
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey2=%ProgramData%\VMware\VDM\logs|*.*
          Source: CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWcb7fdaf7-d8ae-4a24-98ab-ca007942ac33}
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: [VMware Player]
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Player
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\VMware\VMware Workstation
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: [VMware Workstation]
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey4=%LocalAppData%\VMware\VDM\logs|*.*
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey4=%LocalAppData%\Temp\vmware-*|*.*
          Source: ccsetup624.exe, 00000000.00000003.6893399216.00000000067A0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ZeqHGFSQN=HME31
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: Application StartedCCleaner Username: /debugCApplication::ParseCommandlineArguments/scheduling/export/monitoring/advanced/registry/options/cleaner/tools( [k|K][e|E][y|Y]=+?"{[^"]+})/unregister/register( [n|N][a|A][m|M][e|E]=+?"{[^"]+})/scanreg/createskipuac/ccinfo/ccupdate/issuesPiriformRegistration/restoreccb/du /[l|L][i|I][s|S][t|T] +"?{[^"]+})/restoreccb/sysrestore(/[s|S][y|Y][s|S][r|R][e|E][s|S][t|T][o|O][r|R][e|E] +{[0-9]+})AutoUpdatesSmartCleanActivationUpdateNotificationsonoffNumOfUpToDateDriversNumOfIssueDetectedDriversDetectioncc6 researchIsElevatedwebview2 :: SkipUACIsAdminSmartClean:JunkAlertsSmartClean:BrowserAlertsGamerScoreGamerScoreVersiongui openStartupccleaner startup eventmonitoringcc6 research - DetectionLikelyVirtualMachineUninstall.lnkShowTrialDiscountOffer/OPTIONSuninst.exe/REGISTRY/TOOLS/AUTOJL/CLEANERNoCCREGISTERED={}
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey5=%LocalAppData%\Temp\vmware-*|*.*
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey5=%ProgramFiles%\Common Files\VMware\InstallerCache|*.*
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile2=%ProgramFiles%\VMware\VMware Workstation
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey3=%LocalAppData%\Temp\vmware-*|*.*
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: LikelyVirtualMachine
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: VMware Horizon Client
          Source: CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: \CCleanerBugReport.exe Piriform::CrashSupport::UpdateCrashReportingTaskStatus --silentPiriform::CrashSupport::CrashReportParameters --guid " --version " --path " --programpath " crash reporting scheduled task - error when saving: crash reporting scheduled task - error when loading enabled disableddisabledFailed to Crash Reporting scheduled task enabledAdd crash reporting scheduled task which runs daily7F4CCD0B-B3BE-4FD2-9A26-A0299FDE418BA435FAA9-2311-4E23-B944-096D54E9DB31F16A9578-E0E4-4EA7-8FD7-E91C0061A9FD78E68749-DE5B-404A-9B44-7A5AEDED1CFCF9FD4EDF-1129-4DBC-9A8C-9EE7271FBE7E4141FCD7-B506-4916-8EC4-D38E4373F47A/monitor/autorbBroken CountPrevious CountApplication EndedError typeCApplication::~CApplication/autos/autosc/autojl/autosScripting()Run CCleaner/autojl/restart/delete/auto/restart/shutdown/shutdown/autosc/auto/clean/clean/update/update/delete/method/method/method %dinnotek GmbHVirtual MachineSYSTEM\CurrentControlSet\Control\SystemInformationVirtualBox/frbOpen CCleaner/analyze/analyzeParallels Virtual PlatformParallels Software International Inc.Parallels ARM Virtual MachineParallels International GmbH.Google Compute EngineGoogleMicrosoft CorporationCloud PC EnterpriseAlibaba CloudBaidu Cloud BCCCOOLHOUSING s.r.o.Alibaba Cloud ECSQEMUVirtual serverParallelsQEMU Virtual MachineQuanta Cloud Technology Inc.VirtuozzoUpCloudThinCloudVMware, Inc.Tencent CloudBaidu CloudAmazon EC2/updatesuccess/updatefailedVirtual Server/uacSystemProductNameVirtual PlatformVultrSystemManufacturer/cleanie/log
          Source: ccsetup624.exe, 00000000.00000002.7472158907.0000000003FF0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
          Source: ccsetup624.exe, 00000000.00000003.6869359437.000000000401C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: @wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver,Z
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey1=%ProgramData%\VMware\logs|*.*
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: VMware Player
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey3=%ProgramData%\VMware\vmwetlm\logs|*.*
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: VMware Workstation
          Source: CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: FileKey2=%Program Files%\VMware\VMware Player\ico|*.*
          Source: C:\Users\user\Desktop\ccsetup624.exeAPI call chain: ExitProcess graph end nodegraph_0-1331
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPortJump to behavior
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeProcess queried: DebugPort
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPort
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPort
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPort
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess queried: DebugPort
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D34FC IsDebuggerPresent,OutputDebugStringW,10_2_008D34FC
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089DF0A GetCurrentProcessId,CreateFileW,GetLastError,Sleep,GetLastError,WriteFile,WriteFile,WriteFile,WriteFile,GetFileSizeEx,NtSetInformationFile,OutputDebugStringW,CloseHandle,10_2_0089DF0A
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A1750 GetSystemDirectoryW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,10_2_008A1750
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008ED198 mov ecx, dword ptr fs:[00000030h]10_2_008ED198
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F231B mov eax, dword ptr fs:[00000030h]10_2_008F231B
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F235F mov eax, dword ptr fs:[00000030h]10_2_008F235F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008ED198 mov ecx, dword ptr fs:[00000030h]11_2_008ED198
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008F231B mov eax, dword ptr fs:[00000030h]11_2_008F231B
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 11_2_008F235F mov eax, dword ptr fs:[00000030h]11_2_008F235F
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F805F GetProcessHeap,10_2_008F805F
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess token adjusted: Debug
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D40FF SetUnhandledExceptionFilter,10_2_008D40FF
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D8533 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_008D8533
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D3AA6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_008D3AA6
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008D3F6C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,10_2_008D3F6C
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeMemory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCUpdate.exe "C:\Program Files\CCleaner\CCUpdate.exe" /regJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeProcess created: C:\Program Files\CCleaner\CCleaner64.exe "C:\Program Files\CCleaner\CCleaner64.exe" /monitor
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089E545 InitializeSecurityDescriptor,SetSecurityDescriptorDacl,10_2_0089E545
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_0089FBEC AllocateAndInitializeSid,GetLastError,CheckTokenMembership,FreeSid,10_2_0089FBEC
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008BF380 cpuid 10_2_008BF380
          Source: C:\Users\user\Desktop\ccsetup624.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\CC_logo_72x66.png VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\CC_Logo_40x96.png VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\PF_computer.png VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeQueries volume information: C:\ VolumeInformationJump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_telemetry.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\su_controller.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100040.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V0100040.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEng.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat VolumeInformation
          Source: C:\Program Files\CCleaner\CCleaner64.exeQueries volume information: C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk VolumeInformation
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.WSMan.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.WSMan.Management.dll VolumeInformation
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Program Files\CCleaner\wa_3rd_party_host_32.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeQueries volume information: C:\Program Files\CCleaner\LOG\event_manager.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.chk VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db VolumeInformation
          Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db VolumeInformation
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008A54A3 VariantInit,SysFreeString,SysFreeString,VariantClear,GetSystemTime,SystemTimeToFileTime,FileTimeToSystemTime,SysFreeString,SysFreeString,VariantClear,VariantClear,SysFreeString,VariantClear,VariantClear,VariantClear,VariantClear,10_2_008A54A3
          Source: C:\Program Files\CCleaner\CCUpdate.exeCode function: 10_2_008F2B19 GetTimeZoneInformation,10_2_008F2B19
          Source: C:\Users\user\Desktop\ccsetup624.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\ccsetup624.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Lowering of HIPS / PFW / Operating System Security Settings

          barindex
          Disables Windows system restore
          Source: C:\Program Files\CCleaner\CCleaner64.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore SystemRestorePointCreationFrequency
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: KVSrvXP.exe
          Source: ccsetup624.exe, 00000000.00000003.7451794002.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7447861978.00000000041A9000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477826103.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7445939027.0000000004174000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446270617.00000000041A6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: acs.exe
          Source: ccsetup624.exe, 00000000.00000003.7448018991.0000000004205000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478760422.000000000420A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AVKService.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsserv.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: BullGuard.exe
          Source: ccsetup624.exe, 00000000.00000003.7448018991.0000000004205000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478760422.000000000420A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AVKTray.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile1=%ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: GDFwSvc.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 360Safe.exe
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: k7tsmngr.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgcsrvx.exe
          Source: ccsetup624.exe, 00000000.00000003.7448018991.0000000004205000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478760422.000000000420A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: a2start.exe
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: K7RTScan.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 360Tray.exe
          Source: ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F233D000.00000002.00000001.01000000.00000019.sdmpBinary or memory string: DetectFile2=%ProgramFiles%\Malwarebytes Anti-Malware\mbam.exe
          Source: ccsetup624.exe, 00000000.00000003.7448018991.0000000004205000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478760422.000000000420A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FPAVServer.exe
          Source: ccsetup624.exe, 00000000.00000003.7453016116.00000000041F1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478596307.0000000004200000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: vsmon.exe
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mcupdate.exe
          Source: ccsetup624.exe, 00000000.00000003.7440146565.000000000415D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7449742155.000000000416C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7477743709.000000000416D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7448447114.0000000004163000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
          Source: ccsetup624.exe, 00000000.00000003.7446630787.0000000004135000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446917218.000000000413D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7452251594.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7476357959.000000000413E000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7446376122.0000000004129000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: K7TSecurity.exe
          Source: ccsetup624.exe, 00000000.00000003.7448018991.0000000004205000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7478760422.000000000420A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: FProtTray.exe

          Stealing of Sensitive Information

          barindex
          Queries disk data (e.g. SMART data)
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Users\user\Desktop\ccsetup624.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0Jump to behavior
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCUpdate.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerBugReport.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Source: C:\Program Files\CCleaner\CCleaner64.exeDevice IO: \Device\Harddisk0\DR0
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\places.sqlite
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-wal
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite-wal
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\permissions.sqlite
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\content-prefs.sqlite
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cookies
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-shm
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\prefs.js
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\compatibility.ini
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite-shm
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DownloadMetadata
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000002.dbtmp
          Source: C:\Program Files\CCleaner\CCleaner64.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire Infrastructure1
          Valid Accounts          		31
          Windows Management Instrumentation          		1
          DLL Side-Loading          		1
          DLL Side-Loading          		1
          Disable or Modify Tools          		1
          OS Credential Dumping          		12
          System Time Discovery          		Remote Services11
          Archive Collected Data          		3
          Ingress Tool Transfer          		Exfiltration Over Other Network Medium1
          System Shutdown/Reboot
          CredentialsDomainsDefault Accounts11
          Native API          		1
          Valid Accounts          		1
          Valid Accounts          		1
          Deobfuscate/Decode Files or Information          		LSASS Memory1
          Network Service Discovery          		Remote Desktop Protocol1
          Data from Local System          		11
          Encrypted Channel          		Exfiltration Over Bluetooth1
          Inhibit System Recovery
          Email AddressesDNS ServerDomain Accounts2
          Command and Scripting Interpreter          		11
          Windows Service          		11
          Access Token Manipulation          		2
          Obfuscated Files or Information          		Security Account Manager4
          File and Directory Discovery          		SMB/Windows Admin SharesData from Network Shared Drive4
          Non-Application Layer Protocol          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal Accounts2
          Scheduled Task/Job          		2
          Scheduled Task/Job          		11
          Windows Service          		1
          DLL Side-Loading          		NTDS167
          System Information Discovery          		Distributed Component Object ModelInput Capture5
          Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud Accounts2
          Service Execution          		11
          Registry Run Keys / Startup Folder          		11
          Process Injection          		1
          File Deletion          		LSA Secrets1
          Query Registry          		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled Task1
          Bootkit          		2
          Scheduled Task/Job          		13
          Masquerading          		Cached Domain Credentials191
          Security Software Discovery          		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items11
          Registry Run Keys / Startup Folder          		1
          Valid Accounts          		DCSync1
          Process Discovery          		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job191
          Virtualization/Sandbox Evasion          		Proc Filesystem191
          Virtualization/Sandbox Evasion          		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
          Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt11
          Access Token Manipulation          		/etc/passwd and /etc/shadow1
          Application Window Discovery          		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
          IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron11
          Process Injection          		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
          Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd1
          Bootkit          		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447672 Sample: ccsetup624.exe Startdate: 26/05/2024 Architecture: WINDOWS Score: 40 72 zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com 2->72 74 www.nortonlifelock.com 2->74 76 84 other IPs or domains 2->76 106 Yara detected AntiVM3 2->106 108 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 2->108 110 Contains functionality to infect the boot sector 2->110 9 ccsetup624.exe 83 237 2->9         started        14 CCleaner.exe 2->14         started        16 CCleaner.exe 2->16         started        18 9 other processes 2->18 signatures3 process4 dnsIp5 96 ipm-gcp-prod.ff.avast.com 34.111.24.1, 443, 50113, 50154 GOOGLEUS United States 9->96 98 analytics-prod-gcp.ff.avast.com 34.117.223.223, 443, 49239, 49254 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 9->98 104 2 other IPs or domains 9->104 62 C:\Program Files\...\wa_3rd_party_host_32.exe, PE32 9->62 dropped 64 CCleanerPerformanceOptimizerService.exe, PE32+ 9->64 dropped 66 C:\Program Files\...\CCleanerBugReport.exe, PE32+ 9->66 dropped 68 144 other files (2 malicious) 9->68 dropped 130 Query firmware table information (likely to detect VMs) 9->130 132 Queries disk data (e.g. SMART data) 9->132 20 CCUpdate.exe 2 7 9->20         started        25 CCleaner64.exe 9->25         started        27 CCleaner64.exe 3 9 9->27         started        29 chrome.exe 9->29         started        31 CCleaner64.exe 14->31         started        33 CCleaner64.exe 16->33         started        100 streamback-cl1.ns1.ff.avast.com 34.77.70.86, 443, 50132 GOOGLEUS United States 18->100 102 127.0.0.1 unknown unknown 18->102 35 conhost.exe 18->35         started        file6 signatures7 process8 dnsIp9 78 ip-info-gcp.ff.avast.com 34.149.149.62, 443, 50123, 50131 ATGS-MMD-ASUS United States 20->78 50 605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll, PE32 20->50 dropped 37 CCUpdate.exe 20->37         started        52 C:\...\gcapi_17167274765172.dll (copy), PE32+ 25->52 dropped 80 192.168.11.20, 137, 1900, 443 unknown unknown 29->80 82 239.255.255.250, 1900 unknown Reserved 29->82 40 chrome.exe 29->40         started        84 driver-updater-gcp.ff.avast.com 34.149.202.126, 443, 55235 ATGS-MMD-ASUS United States 31->84 86 siteintercept.qualtrics.com 31->86 88 siteintercept.qprod2.net 31->88 54 C:\Users\user\AppData\Localbehaviorgraphoogle\...\LOG, ASCII 31->54 dropped 56 C:\Users\user\AppData\Local\...\000003.ldb, data 31->56 dropped 58 C:\Program Files\CCleaner\gcapi_dll.dll, PE32+ 31->58 dropped 60 C:\...\gcapi_17167274625804.dll (copy), PE32+ 31->60 dropped 122 Query firmware table information (likely to detect VMs) 31->122 124 Tries to harvest and steal browser information (history, passwords, etc) 31->124 126 Queries disk data (e.g. SMART data) 31->126 128 Disables Windows system restore 31->128 43 CCleaner64.exe 31->43         started        46 wa_3rd_party_host_32.exe 31->46         started        file10 signatures11 process12 dnsIp13 90 t.co 104.244.42.133, 443, 51987, 56586 TWITTERUS United States 40->90 92 s.twitter.com 104.244.42.195, 443, 52760, 56390 TWITTERUS United States 40->92 94 27 other IPs or domains 40->94 70 C:\...\gcapi_17167274745116.dll (copy), PE32+ 43->70 dropped 112 Query firmware table information (likely to detect VMs) 43->112 114 Tries to harvest and steal browser information (history, passwords, etc) 43->114 116 Queries disk data (e.g. SMART data) 43->116 118 Reads the Security eventlog 46->118 120 Reads the System eventlog 46->120 48 conhost.exe 46->48         started        file14 signatures15 process16

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          ccsetup624.exe0%ReversingLabs
          ccsetup624.exe0%VirustotalBrowse

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Program Files\CCleaner\CCUpdate.exe0%ReversingLabs
          C:\Program Files\CCleaner\CCleaner.exe0%ReversingLabs
          C:\Program Files\CCleaner\CCleaner64.exe0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerBugReport.exe0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerDU.dll0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerReactivator.dll0%ReversingLabs
          C:\Program Files\CCleaner\CCleanerReactivator.exe0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1025.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1026.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1027.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1028.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1029.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1030.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1031.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1032.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1034.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1035.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1036.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1037.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1038.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1040.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1041.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1042.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1043.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1044.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1045.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1046.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1048.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1049.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1050.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1051.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1052.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1053.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1054.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1055.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1056.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1057.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1058.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1059.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1060.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1061.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1062.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1063.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1065.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1066.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1067.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1068.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1071.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1079.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1081.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1086.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1087.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1090.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1092.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1093.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1102.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1104.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1109.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1110.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-1155.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-2052.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-2070.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-2074.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-3098.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-5146.dll0%ReversingLabs
          C:\Program Files\CCleaner\Lang\lang-9999.dll0%ReversingLabs
          C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll0%ReversingLabs
          C:\Program Files\CCleaner\gcapi_17167274625804.dll (copy)0%ReversingLabs
          C:\Program Files\CCleaner\gcapi_17167274745116.dll (copy)0%ReversingLabs
          C:\Program Files\CCleaner\gcapi_17167274765172.dll (copy)0%ReversingLabs
          C:\Program Files\CCleaner\gcapi_dll.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwaapi.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwaheap.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwalocal.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwaresource.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwautils.dll0%ReversingLabs
          C:\Program Files\CCleaner\libwavmodapi.dll0%ReversingLabs
          C:\Program Files\CCleaner\uninst.exe0%ReversingLabs
          C:\Program Files\CCleaner\wa_3rd_party_host_32.exe0%ReversingLabs
          C:\Program Files\CCleaner\wa_3rd_party_host_64.exe0%ReversingLabs

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          dev.visualwebsiteoptimizer.com0%VirustotalBrowse
          platform.twitter.map.fastly.net0%VirustotalBrowse
          scontent.xx.fbcdn.net0%VirustotalBrowse
          script.hotjar.com0%VirustotalBrowse
          t.co0%VirustotalBrowse
          dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com0%VirustotalBrowse
          idsync.rlcdn.com0%VirustotalBrowse
          static-cdn.hotjar.com0%VirustotalBrowse
          ip-info-gcp.ff.avast.com0%VirustotalBrowse
          peso-1422535133.eu-west-1.elb.amazonaws.com0%VirustotalBrowse
          ipm-gcp-prod.ff.avast.com0%VirustotalBrowse
          www.google.com0%VirustotalBrowse
          mstatic.ccleaner.com0%VirustotalBrowse
          star-mini.c10r.facebook.com0%VirustotalBrowse
          nydc1.outbrain.org0%VirustotalBrowse
          stats.g.doubleclick.net0%VirustotalBrowse
          fg.microsoft.map.fastly.net0%VirustotalBrowse
          s.twitter.com0%VirustotalBrowse
          shepherd-gcp.ff.avast.com0%VirustotalBrowse
          googleads.g.doubleclick.net0%VirustotalBrowse
          analytics.google.com0%VirustotalBrowse
          dcjdc5qmbbux7.cloudfront.net0%VirustotalBrowse
          streamback-cl1.ns1.ff.avast.com0%VirustotalBrowse
          analytics-prod-gcp.ff.avast.com0%VirustotalBrowse
          widget.trustpilot.com0%VirustotalBrowse
          geolocation.onetrust.com0%VirustotalBrowse
          driver-updater-gcp.ff.avast.com0%VirustotalBrowse
          edge.gycpi.b.yahoodns.net0%VirustotalBrowse
          static.ads-twitter.com0%VirustotalBrowse
          emupdate.avcdn.net0%VirustotalBrowse
          amplify.outbrain.com0%VirustotalBrowse
          driver-updater.ff.avast.com0%VirustotalBrowse
          license.piriform.com0%VirustotalBrowse
          ipm-provider.ff.avast.com0%VirustotalBrowse
          oms.ccleaner.com0%VirustotalBrowse
          siteintercept.qualtrics.com0%VirustotalBrowse
          cdn.cookielaw.org0%VirustotalBrowse
          cm.everesttech.net0%VirustotalBrowse
          license-api.ccleaner.com0%VirustotalBrowse

          URLs

          No Antivirus matches

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          ip-info-gcp.ff.avast.com
          		34.149.149.62
          		truefalse
          dev.visualwebsiteoptimizer.com
          		34.96.102.137
          		truefalse
          platform.twitter.map.fastly.net
          		146.75.28.157
          		truefalse
          stats.g.doubleclick.net
          		142.251.16.156
          		truefalse
          dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com
          		54.146.244.228
          		truefalse
          scontent.xx.fbcdn.net
          		31.13.66.19
          		truefalse
          idsync.rlcdn.com
          		35.244.154.8
          		truefalse
          t.co
          		104.244.42.133
          		truefalse
          script.hotjar.com
          		99.84.191.43
          		truefalse
          peso-1422535133.eu-west-1.elb.amazonaws.com
          		52.51.126.101
          		truefalse
          www.google.com
          		142.251.16.105
          		truefalse
          2w99epxhne.data.adobedc.net
          		63.140.39.93
          		truefalse
            static-cdn.hotjar.com
            		18.160.41.112
            		truefalse
            mstatic.ccleaner.com
            		20.50.2.53
            		truefalse
            star-mini.c10r.facebook.com
            		157.240.229.35
            		truefalse
            ipm-gcp-prod.ff.avast.com
            		34.111.24.1
            		truefalse
            nydc1.outbrain.org
            		64.202.112.95
            		truefalse
            s.twitter.com
            		104.244.42.195
            		truefalse
            analytics-prod-gcp.ff.avast.com
            		34.117.223.223
            		truefalse
            fg.microsoft.map.fastly.net
            		199.232.210.172
            		truefalse
            streamback-cl1.ns1.ff.avast.com
            		34.77.70.86
            		truefalse
            googleads.g.doubleclick.net
            		142.251.167.155
            		truefalse
            shepherd-gcp.ff.avast.com
            		34.160.176.28
            		truefalse
            dcjdc5qmbbux7.cloudfront.net
            		52.85.132.115
            		truefalse
            analytics.google.com
            		142.251.167.102
            		truefalse
            driver-updater-gcp.ff.avast.com
            		34.149.202.126
            		truefalse
            widget.trustpilot.com
            		3.162.125.20
            		truefalse
            cdn.cookielaw.org
            		104.19.178.52
            		truefalse
            geolocation.onetrust.com
            		172.64.155.119
            		truefalse
            edge.gycpi.b.yahoodns.net
            		69.147.92.12
            		truefalse
            static.ads-twitter.com
            		unknown
            		unknownfalse
            amplify.outbrain.com
            		unknown
            		unknownfalse
            license.piriform.com
            		unknown
            		unknownfalse
            emupdate.avcdn.net
            		unknown
            		unknownfalse
            siteintercept.qualtrics.com
            		unknown
            		unknownfalse
            license-api.ccleaner.com
            		unknown
            		unknownfalse
            cm.everesttech.net
            		unknown
            		unknownfalse
            ipm-provider.ff.avast.com
            		unknown
            		unknownfalse
            driver-updater.ff.avast.com
            		unknown
            		unknownfalse
            oms.ccleaner.com
            		unknown
            		unknownfalse
            wave.outbrain.com
            		unknown
            		unknownfalse
              static.hotjar.com
              		unknown
              		unknownfalse
                trial-eum-clientnsv4-s.akamaihd.net
                		unknown
                		unknownfalse
                  c5.adalyser.com
                  		unknown
                  		unknownfalse
                    assets.adobedtm.com
                    		unknown
                    		unknownfalse
                      trial-eum-clienttons-s.akamaihd.net
                      		unknown
                      		unknownfalse
                        m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.net
                        		unknown
                        		unknownfalse
                          winqual.sb.avast.com
                          		unknown
                          		unknownfalse
                            connect.facebook.net
                            		unknown
                            		unknownfalse
                              px.ads.linkedin.com
                              		unknown
                              		unknownfalse
                                symantec.demdex.net
                                		unknown
                                		unknownfalse
                                  s.yimg.com
                                  		unknown
                                  		unknownfalse
                                    service.piriform.com
                                    		unknown
                                    		unknownfalse
                                      download.avira.com
                                      		unknown
                                      		unknownfalse
                                        www.mczbf.com
                                        		unknown
                                        		unknownfalse
                                          s.go-mpulse.net
                                          		unknown
                                          		unknownfalse
                                            shepherd.ff.avast.com
                                            		unknown
                                            		unknownfalse
                                              cdn-production.ccleaner.com
                                              		unknown
                                              		unknownfalse
                                                102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.net
                                                		unknown
                                                		unknownfalse
                                                  www.nortonlifelock.com
                                                  		unknown
                                                  		unknownfalse
                                                    analytics.avcdn.net
                                                    		unknown
                                                    		unknownfalse
                                                      dpm.demdex.net
                                                      		unknown
                                                      		unknownfalse
                                                        s1.pir.fm
                                                        		unknown
                                                        		unknownfalse
                                                          www.facebook.com
                                                          		unknown
                                                          		unknownfalse
                                                            s7.addthis.com
                                                            		unknown
                                                            		unknownfalse
                                                              www.linkedin.com
                                                              		unknown
                                                              		unknownfalse
                                                                ncc.avast.com
                                                                		unknown
                                                                		unknownfalse
                                                                  zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com
                                                                  		unknown
                                                                  		unknownfalse
                                                                    analytics.twitter.com
                                                                    		unknown
                                                                    		unknownfalse
                                                                      cdn-uat.ccleaner.com
                                                                      		unknown
                                                                      		unknownfalse
                                                                        173bf110.akstat.io
                                                                        		unknown
                                                                        		unknownfalse
                                                                          snap.licdn.com
                                                                          		unknown
                                                                          		unknownfalse
                                                                            ccleaner.tools.avcdn.net
                                                                            		unknown
                                                                            		unknownfalse
                                                                              www.ccleaner.com
                                                                              		unknown
                                                                              		unknownfalse
                                                                                ip-info.ff.avast.com
                                                                                		unknown
                                                                                		unknownfalse
                                                                                  c.go-mpulse.net
                                                                                  		unknown
                                                                                  		unknownfalse
                                                                                    tr.outbrain.com
                                                                                    		unknown
                                                                                    		unknownfalse

                                                                                      Contacted URLs

                                                                                      NameMaliciousAntivirus DetectionReputation
                                                                                      https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.comfalse
                                                                                        https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=2125617828.1716727479&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&dma=0&npa=0&gtm=45He45m0n71KFXRTRv71945860za200&auid=1566402970.1716727479false
                                                                                          https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/v2/otPcCenter.jsonfalse
                                                                                            https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&gjid=1519295001&_gid=1588426393.1716727482&_u=YCDAgEABAAAAAGAEK~&z=1683501845false
                                                                                              https://winqual.sb.avast.com/V1/MDfalse
                                                                                                https://c5.adalyser.com/adalyser.js?cid=ccleanerfalse
                                                                                                  https://c5.adalyser.com/tracking/track/v3/p?stm=1716727481819&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cid=ccleaner&p=%7B%22et%22%3A1716727481817%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%222984c0b8-a202-426f-acaf-a7b3c00a6ad1%22%2C%22duid%22%3A%22a7ceef44-86b5-48d2-9097-d36dffbdb759%22%2C%22cw%22%3A1716727481817%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F94.0.4606.61%20Safari%2F537.36&domain=www.ccleaner.comfalse
                                                                                                    https://ipm-provider.ff.avast.com/?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526false
                                                                                                      https://tr.outbrain.com/cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4ccfalse
                                                                                                        https://driver-updater.ff.avast.com/api/v1/scanDrivers/false
                                                                                                          https://static.hotjar.com/c/hotjar-857043.js?sv=6false
                                                                                                            https://cdn.cookielaw.org/scripttemplates/6.36.0/assets/otCommonStyles.cssfalse
                                                                                                              https://cdn.cookielaw.org/scripttemplates/otSDKStub.jsfalse
                                                                                                                https://ip-info.ff.avast.com/v2/infofalse
                                                                                                                  https://s.yimg.com/wi/ytc.jsfalse
                                                                                                                    https://shepherd.ff.avast.com/?p_vep=6&p_ves=24&p_vbd=11060&p_lit=0&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_pro=90&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_lng=en&p_lid=en-usfalse
                                                                                                                      https://analytics.avcdn.net/receive3false
                                                                                                                        https://ipm-provider.ff.avast.com/?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=3&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526false
                                                                                                                          https://ip-info.ff.avast.com/v1/infofalse
                                                                                                                            https://ipm-provider.ff.avast.com/?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=2&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526false
                                                                                                                              https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=431419&p_gis=0&p_hid=be4e4af9-63f6-4992-bfa2-801c56ff5967&p_lid=en-GB&p_lng=en&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11060&p_vep=6&p_ves=24&p_wid=1665235917&p_wsc2v_av=9011false
                                                                                                                                https://mstatic.ccleaner.com/api/mhubc.jsfalse

                                                                                                                                  URLs from Memory and Binaries

                                                                                                                                  NameSourceMaliciousAntivirus DetectionReputation
                                                                                                                                  https://www.ccleaner.com/go/app_cc_get_update1033Mozilla/4.0https://license.piriform.com/update%d.%dccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    http://httphttpsapp.lis.get.installapp.lis.install.statusapp.lis.gen_install_and_activateapp.lis.insccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      https://www.ccleaner.com/business/ccleaner-business-editionCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                        https://ccleaner.com/go/app_cc_license_agreementCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                          https://www.avast.com/lp-ppc-nbu-fav-ccCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                            https://service.piriform.com/installcheck.aspx?p=1&v=6.24.11060&vx=&l=1033&b=1&o=10W6&g=0&i=1&a=0&e=ccsetup624.exe, 00000000.00000003.7457491002.00000000008FD000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7462374225.0000000000820000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              http://p%03d.sb.avast.com/V1/PD/avast_streambackraw_%03d://StreambackCommChannelAddr_asw::commchanneCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                https://aefd.nelreports.net/api/report?cat=bingaotakccsetup624.exe, 00000000.00000003.6957324266.00000000080AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  https://www.ccleaner.com/docs/ccleaner/ccleaner-settings/choosing-which-cookies-to-keepCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                    https://s-trackoff.avcdn.net/trackoff/8ad1526a87b9617cf6dd677cdf9f87a0e3fd1555b6a8828d87ec2bef2850faCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                      https://install.avcdn.net/avg/iavs9x/avg_internet_security_setup.exeASWSig2A123D026AE3BEAC0AC7D4DC35ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                        http://posttestserver.com/avast_streambackraw_007://http://p004.sb.avast.com/V1/PD/avast_streambackrCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                          https://license.piriform.com/Eccsetup624.exe, 00000000.00000003.7077262001.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7458083490.0000000005CD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            https://honzik.avcdn.net/setup/avast-vpn/release/avast_vpn_online_setup.exeASWSig2A06FCDABA5742BE662ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                              https://shepherd.ff.avast.com/?p_vep=6&p_ves=24&p_vbd=11060&p_lit=0&p_midex=E8E4C5DC7068F1D7A5F14852ccsetup624.exe, 00000000.00000002.7472158907.0000000004008000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                https://download.avira.com/download/opswat-sdk-database/su_worker.exeasw::su_controller::ControllerCCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                  https://piriform.zendesk.com/hc/en-us/articles/218109957-How-do-I-manage-browser-plugins-CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                    http://honzik.avcdn.net/setup/avast-tu/release/avast_cleanup_online_setup.exeASWSig2A4C1A1197A19B18Fccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                      http://files.avast.com/beta9x/avast_free_antivirus_setup_online.exeASWSig2A5549FF2866EA44F68D28FB2B1ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                        https://s-trackoff.avcdn.net/avg/trackoff/7854df286ff1c4e1f4d81d466f4a1b0243b39837ac99c5b98817907f76CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                          https://install.avcdn.net/beta9x/avast_pro_antivirus_setup_online.exeASWSig2A579D90FED0C6441EE7B258Fccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                            http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0ccsetup624.exe, 00000000.00000003.7458347066.0000000005B73000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7457491002.000000000090D000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7464306050.000000000090F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              https://sciter.com/forums/topic/plus-custom-output-formatter-wont-work-if-they-are-written-in-htm/#pCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                https://www.ccleaner.com/go/app_cc_help_preloadingCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                  https://ccleaner.com/go/app_cc_privacy_data_factsheetCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                    https://ipmcdn.avast.com/images/Persistent-AuthWWW-AuthenticateVaryClientId=563fffb9-0641-4af9-b6eb-ccsetup624.exe, 00000000.00000003.6876445271.0000000005B4B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      https://ipm-provider.ff.avast.com/?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvtccsetup624.exe, 00000000.00000003.6876503852.000000000401C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7472158907.000000000401C000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876503852.0000000004039000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.6876445271.0000000005B41000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        https://www.ccleaner.com/go/app_po_surveyCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                          https://honzik.avcdn.net/setup/avast-bs/beta/avast_battery_saver_online_setup.exeASWSig2A3A3BE3789E6ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                            http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyrightccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              https://honzik.avcdn.net/setup/avast-bg/release/avast_breach_guard_online_setup.exeASWSig2A2457920CEccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                http://www.ccleaner.com/ccleanerccsetup624.exe, 00000000.00000003.7135328964.0000000006BF0000.00000004.00000800.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  http://www.ccleaner.com/inapp/notificationsContent-Type:ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                    http://www.zkysky.com.ar/Thisccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      https://service.piriform.com/installcheck.aspx5.70.7909PrefsPrivacyShareData1stPartyccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        https://aefd.nelreports.net/api/report?cat=bingrmsccsetup624.exe, 00000000.00000003.6957324266.00000000080AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          https://honzik.avcdn.net/setup/avast-bs/release/avast_battery_saver_online_setup.exeASWSig2A072492C0ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                            http://www.ccleaner.com/go/app_privacy?p=1&l=ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              https://shepherd.ff.avast.com/Mozilla/4.0ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                http://keys.backup.norton.comccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                  https://windows-drivers-x04.blogspot.comCCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    https://www.ccleaner.com/go/app_du_systemrestoreinfoCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                      http://www.gimp.org/xmp/CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                        https://analytics.avcdn.net:443/receive3CCleaner64.exe, 00000007.00000003.7173780025.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000002.7471485231.000001D0E4DE6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          http://www.avast.com0/ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmp, ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                            https://www.ccleaner.com/go/app_du_surveyCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                              https://analytics.avcdn.net/AMK=azCCleaner64.exe, 00000007.00000002.7461616307.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000003.7185607741.000001D0E26CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                https://secure.ccleaner.com/502/uurl-90zu4qtn5p?x-source=833CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                  http://p%03d.sb.avast.com/V1/MD/avast_streambacksubmit_%03d://http://p%03d.sb.avast.com/V1/PD/avast_ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    http://p%03d.sb.avast.com/V1/MD/avast_streambacksubmit_%03d://http:DoCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                      http://ccleaner.tools.avcdn.net/tools/ccleaner/update/updates.xmlCCUpdate.exefalse
                                                                                                                                                                                                                                        https://shepherd.ff.avast.com/ccsetup624.exe, 00000000.00000003.7077262001.0000000005CD1000.00000004.00000020.00020000.00000000.sdmp, ccsetup624.exe, 00000000.00000003.7458083490.0000000005CD0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          https://openid-stage.avast.comhttps://openid-stage.avg.comalpha-iqs-stage.ff.avast.commy-win-stage.fccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0UserWdtHnyccsetup624.exe, 00000000.00000003.7435901036.0000000005BDB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              https://www.msn.com/de-ch/?ocid=iehpccsetup624.exe, 00000000.00000003.7019826840.00000000077D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                http://%s:%d;https=https://%s:%dHTTP/1.0%u.%u.%u.%u01234567890123456789abcdef0123456789ABCDEFCONOUT$CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                  http://www.avast.com0ccsetup624.exe, 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpfalse
                                                                                                                                                                                                                                                    http://www.ccleaner.com/go/app_license?p=1&l=ccsetup624.exe, 00000000.00000002.7462374225.000000000086A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      https://posttestserver.com/test_channel_s://http://posttestserver.com/test_channel://avast_streambacccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        https://install.avcdn.net/iavs9x/avast_free_antivirus_setup_online.exeASWSig2A2EC0971AB07DE15C30023Cccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                          https://honzik.avcdn.net/setup/avg-bg/release/avg_breach_guard_online_setup.exeASWSig2A14AA13983E189ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                            https://www.ccleaner.com/docs/ccleaner/using-ccleaner/browser-cleaningCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                              https://recoveringlib.blogspot.comCCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                http://honzik.avcdn.net/setup/avg-bs/release/avg_battery_saver_online_setup.exeASWSig2A7E478FFFFFA84ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                  http://honzik.avcdn.net/setup/avg-av/release/avg_internet_security_online_setup.exeASWSig2A40170EEB1ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                    https://service.piriform.com/ccsetup624.exe, 00000000.00000003.7077143181.0000000005B80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      http://iptc.org/std/Iptc4xmpExt/2008-02-29/CCleaner64.exe, 00000007.00000000.7146573931.00007FF6F26F5000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                        https://ccleaner.com/go/app_cc_privacy_product_policyCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                          https://ccleaner.com/go/app_cc_acknowledgementsCCleaner64.exe, 00000007.00000000.7146573931.00007FF6F24A3000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                            https://softwareupdatechecker.live-everest-media.net/api/v1/ProgramDefinitions/api/v1/ScanResultshttCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                              http://honzik.avcdn.net/setup/avast-tu/beta/avast_cleanup_online_setup.exeASWSig2A1E3DD1C1B204ED89FDccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                https://bits.avcdn.net/productfamily_ANTIVIRUS/insttype_ONE_FREE/platform_WIN/installertype_ONLINE/bCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                  https://alldrivers4devices.netCCleaner64.exe, 0000000F.00000003.7303223557.000001F7CC4F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    https://license.piriform.com/update1033BaseUpdateProviderOnCustomErrorExtraCCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                      http://honzik.avcdn.net/setup/avg-av/release/avg_antivirus_free_online_setup.exeASWSig2A2D7E61EA63DAccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                        https://install.avcdn.net/iavs9x/avast_pro_antivirus_setup_online.exeASWSig2A03A4D7B0044FDD707267F64ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                          https://softwareupdatechecker.staging-everest-media.netUsingccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse
                                                                                                                                                                                                                                                                                            https://install.avcdn.net/avg/beta9x/avg_internet_security_setup.exeASWSig2A7D77EF27F362060AF957E761ccsetup624.exe, 00000000.00000002.7467861559.0000000002EB4000.00000004.00000020.00020000.00000000.sdmp, CCleaner64.exe, 00000007.00000000.7144334452.00007FF6F173B000.00000002.00000001.01000000.00000019.sdmpfalse

                                                                                                                                                                                                                                                                                              World Map of Contacted IPs

                                                                                                                                                                                                                                                                                              • No. of IPs < 25%
                                                                                                                                                                                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                                                                              • 75% < No. of IPs

                                                                                                                                                                                                                                                                                              Public IPs

                                                                                                                                                                                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                                                                              34.111.24.1
                                                                                                                                                                                                                                                                                              		ipm-gcp-prod.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              146.75.28.157
                                                                                                                                                                                                                                                                                              		platform.twitter.map.fastly.netSweden
                                                                                                                                                                                                                                                                                              		30051SCCGOVUSfalse
                                                                                                                                                                                                                                                                                              34.149.149.62
                                                                                                                                                                                                                                                                                              		ip-info-gcp.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                                              35.244.154.8
                                                                                                                                                                                                                                                                                              		idsync.rlcdn.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              64.202.112.95
                                                                                                                                                                                                                                                                                              		nydc1.outbrain.orgUnited States
                                                                                                                                                                                                                                                                                              		22075AS-OUTBRAINUSfalse
                                                                                                                                                                                                                                                                                              34.149.202.126
                                                                                                                                                                                                                                                                                              		driver-updater-gcp.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                                              52.206.50.222
                                                                                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                                                                                              		14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                                                                              34.77.70.86
                                                                                                                                                                                                                                                                                              		streamback-cl1.ns1.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              31.13.66.19
                                                                                                                                                                                                                                                                                              		scontent.xx.fbcdn.netIreland
                                                                                                                                                                                                                                                                                              		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                                                                              104.244.42.133
                                                                                                                                                                                                                                                                                              		t.coUnited States
                                                                                                                                                                                                                                                                                              		13414TWITTERUSfalse
                                                                                                                                                                                                                                                                                              157.240.229.35
                                                                                                                                                                                                                                                                                              		star-mini.c10r.facebook.comUnited States
                                                                                                                                                                                                                                                                                              		32934FACEBOOKUSfalse
                                                                                                                                                                                                                                                                                              69.147.92.12
                                                                                                                                                                                                                                                                                              		edge.gycpi.b.yahoodns.netUnited States
                                                                                                                                                                                                                                                                                              		14777INKTOMI-LAWSONUSfalse
                                                                                                                                                                                                                                                                                              142.251.16.105
                                                                                                                                                                                                                                                                                              		www.google.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              172.64.155.119
                                                                                                                                                                                                                                                                                              		geolocation.onetrust.comUnited States
                                                                                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                              239.255.255.250
                                                                                                                                                                                                                                                                                              		unknownReserved
                                                                                                                                                                                                                                                                                              		unknownunknownfalse
                                                                                                                                                                                                                                                                                              54.146.244.228
                                                                                                                                                                                                                                                                                              		dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.comUnited States
                                                                                                                                                                                                                                                                                              		14618AMAZON-AESUSfalse
                                                                                                                                                                                                                                                                                              20.50.2.53
                                                                                                                                                                                                                                                                                              		mstatic.ccleaner.comUnited States
                                                                                                                                                                                                                                                                                              		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                                                                                              142.251.167.102
                                                                                                                                                                                                                                                                                              		analytics.google.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              18.160.41.112
                                                                                                                                                                                                                                                                                              		static-cdn.hotjar.comUnited States
                                                                                                                                                                                                                                                                                              		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                                                                                              142.251.16.156
                                                                                                                                                                                                                                                                                              		stats.g.doubleclick.netUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              63.140.39.93
                                                                                                                                                                                                                                                                                              		2w99epxhne.data.adobedc.netUnited States
                                                                                                                                                                                                                                                                                              		4134CHINANET-BACKBONENo31Jin-rongStreetCNfalse
                                                                                                                                                                                                                                                                                              172.253.62.99
                                                                                                                                                                                                                                                                                              		unknownUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              34.96.102.137
                                                                                                                                                                                                                                                                                              		dev.visualwebsiteoptimizer.comUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              104.19.178.52
                                                                                                                                                                                                                                                                                              		cdn.cookielaw.orgUnited States
                                                                                                                                                                                                                                                                                              		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                                                                                              142.251.167.155
                                                                                                                                                                                                                                                                                              		googleads.g.doubleclick.netUnited States
                                                                                                                                                                                                                                                                                              		15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                                              104.244.42.195
                                                                                                                                                                                                                                                                                              		s.twitter.comUnited States
                                                                                                                                                                                                                                                                                              		13414TWITTERUSfalse
                                                                                                                                                                                                                                                                                              34.160.176.28
                                                                                                                                                                                                                                                                                              		shepherd-gcp.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		2686ATGS-MMD-ASUSfalse
                                                                                                                                                                                                                                                                                              34.117.223.223
                                                                                                                                                                                                                                                                                              		analytics-prod-gcp.ff.avast.comUnited States
                                                                                                                                                                                                                                                                                              		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse
                                                                                                                                                                                                                                                                                              52.51.126.101
                                                                                                                                                                                                                                                                                              		peso-1422535133.eu-west-1.elb.amazonaws.comUnited States
                                                                                                                                                                                                                                                                                              		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                              52.85.132.115
                                                                                                                                                                                                                                                                                              		dcjdc5qmbbux7.cloudfront.netUnited States
                                                                                                                                                                                                                                                                                              		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                              3.162.125.20
                                                                                                                                                                                                                                                                                              		widget.trustpilot.comUnited States
                                                                                                                                                                                                                                                                                              		16509AMAZON-02USfalse
                                                                                                                                                                                                                                                                                              99.84.191.43
                                                                                                                                                                                                                                                                                              		script.hotjar.comUnited States
                                                                                                                                                                                                                                                                                              		16509AMAZON-02USfalse

                                                                                                                                                                                                                                                                                              Private

                                                                                                                                                                                                                                                                                              IP
                                                                                                                                                                                                                                                                                              127.0.0.1
                                                                                                                                                                                                                                                                                              192.168.11.20

                                                                                                                                                                                                                                                                                              General Information

                                                                                                                                                                                                                                                                                              Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                                                                                                                                                              Analysis ID:1447672
                                                                                                                                                                                                                                                                                              Start date and time:2024-05-26 14:41:27 +02:00
                                                                                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                                                                              Overall analysis duration:0h 17m 4s
                                                                                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                                                                                                              Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                                                                                                                                                                                              Run name:Run with higher sleep bypass
                                                                                                                                                                                                                                                                                              Number of analysed new started processes analysed:44
                                                                                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                                                                                              Sample name:ccsetup624.exe
                                                                                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                                                                                              Classification:mal40.spyw.evad.winEXE@55/252@77/34
                                                                                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                                                                                              • Successful, ratio: 60%
                                                                                                                                                                                                                                                                                              HCA Information:Failed
                                                                                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                                              • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                                                                                                                                                                                                              Warnings

                                                                                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe, rundll32.exe, RuntimeBroker.exe, CompPkgSrv.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 23.201.176.44, 23.73.228.150, 23.215.0.39, 23.215.0.49, 23.15.9.58, 23.15.9.42, 23.215.0.41, 23.215.0.47, 23.215.0.45, 142.251.16.101, 142.251.16.139, 142.251.16.100, 142.251.16.102, 142.251.16.113, 142.251.16.138, 23.199.71.137, 20.54.25.34, 23.222.201.169, 23.56.12.31, 23.62.169.38, 142.251.16.94, 142.251.167.84, 172.253.63.139, 172.253.63.138, 172.253.63.102, 172.253.63.113, 172.253.63.101, 172.253.63.100, 23.222.201.243, 23.199.71.146, 23.199.71.193, 23.199.71.200, 23.199.71.155, 34.104.35.123, 142.251.163.95, 23.33.181.129, 172.253.115.94, 23.55.200.133, 23.221.241.54, 23.201.172.70, 142.251.179.97, 23.48.104.16, 23.48.104.17, 23.62.168.145, 173.222.169.24, 172.253.62.95, 172.253.115.95, 172.253.63.95, 142.251.16.95, 172.253.122.95, 142.251.179.95, 142.250.31.95, 142.251.167.95, 142.251.111.95, 142.251.111.94, 23.218.218.170, 23.218.218.145, 23.218.218.181, 23.218.218.167, 23.218.218.155, 23.218.218.191, 104.96.165.78, 52.22.69.189, 34.202.242.166, 3.229.99.9, 23
                                                                                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): license.piriform.com-v2.edgekey.net, download.windowsupdate.com.delivery.microsoft.com, dl.delivery.mp.microsoft.com, cp601.prod.do.dsp.mp.microsoft.com, cn-assets.adobedtm.com.edgekey.net, clientservices.googleapis.com, a1024.dscg.akamai.net, a767.dspw65.akamai.net, service.piriform.com-v1.edgekey.net, disc601.prod.do.dsp.mp.microsoft.com, l-0005.l-msedge.net, a248.b.akamai.net, clients2.google.com, emupdate.avcdn.net.edgesuite.net, update.googleapis.com, hlb.apr-52dd2-0.edgecastdns.net, www.gstatic.com, wu-f-net.trafficmanager.net, array605.prod.do.dsp.mp.microsoft.com, geover.prod.do.dsp.mp.microsoft.com.edgekey.net, array612.prod.do.dsp.mp.microsoft.com, e13363.dsca.akamaiedge.net, dl.delivery.mp.microsoft.com.delivery.microsoft.com, www.google-analytics.com, ip46.go-mpulse.net.edgekey.net, tools.avcdn.net.edgesuite.net, www.ccleaner.com.edgekey.net, fonts.googleapis.com, geo.prod.do.dsp.mp.microsoft.com, e12358.d.akamaiedge.net, content-autofill.googleapis.co
                                                                                                                                                                                                                                                                                              • Execution Graph export aborted for target CCleaner.exe, PID 4720 because there are no executed function
                                                                                                                                                                                                                                                                                              • Execution Graph export aborted for target CCleaner64.exe, PID 8536 because there are no executed function
                                                                                                                                                                                                                                                                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                                                                                                                                                                                                                              Simulations

                                                                                                                                                                                                                                                                                              Behavior and APIs

                                                                                                                                                                                                                                                                                              TimeTypeDescription
                                                                                                                                                                                                                                                                                              08:45:08API Interceptor751645x Sleep call for process: CCleaner64.exe modified
                                                                                                                                                                                                                                                                                              13:44:16Task SchedulerRun new task: CCleaner Update path: C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              13:44:18Task SchedulerRun new task: CCleanerCrashReporting path: C:\Program Files\CCleaner\CCleanerBugReport.exe s>--product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5c75d985-5a4f-4231-b996-70bdb906d557" --version "6.24.11060" --silent
                                                                                                                                                                                                                                                                                              13:44:18Task SchedulerRun new task: CCleanerSkipUAC - user path: "C:\Program Files\CCleaner\CCleaner.exe" s>$(Arg0)
                                                                                                                                                                                                                                                                                              13:44:37AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                                                                                                                                                                                                                                                                                              13:44:57AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CCleaner Smart Cleaning "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

                                                                                                                                                                                                                                                                                              LLM Input / Output

                                                                                                                                                                                                                                                                                              InputOutput
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"The text does not contain any form fields for a username or password.",
"There is no 'Log In' or 'Sign In' button in the text.",
"The text is actually an announcement for a new version of CCIeaner software."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About Us For Home Support Search the knowledge center. _ I < ALL CCLEANER RELEASE ANNOUNCEMENTS CCIeaner v6.24.11060 23rd May 2024 | 2 mins read CCIeaner Alex Bennett Senior Product Manager With CCIeaner v6.24, we've enhanced cookie cleaning and slightly revamped the user interface to provide quicker access to Software updater, bringing a smoother, more efficient user experience.
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is related to tracking and advertisement functionality, specifically for loading and initializing the Adalyser tracking script. It does not exhibit any malicious behavior."
}
                                                                                                                                                                                                                                                                                              (function(d){window["__adal_disable_"+d]||(function(a,c,b){if(!a[b]){a.GlobalAdalyserNamespace=a.GlobalAdalyserNamespace||[];a.GlobalAdalyserNamespace.push(b);a[b]=function(){(a[b].q=a[b].q||[]).push(arguments)};a[b].q=a[b].q||[];var e=c.createElement("script");c=c.getElementsByTagName("script")[0];e.async=1;e.src="//c5.adalyser.com/adalyser.js?cid\x3d"+d;c.parentNode.insertBefore(e,c)}}(window,document,"adalyserTracker"),window.adalyserTracker("create",{campaignCookieTimeout:15552E3,conversionCookieTimeout:604800,
clientId:d,trafficSourceInternalReferrers:["^(.*\\.)?ccleaner\\.com$"]}),window.adalyserTracker("trackSession","lce1"))})("ccleaner");
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is for Google Tag Manager, which is commonly used for tracking and analytics purposes. It does not contain any malicious elements."
}
                                                                                                                                                                                                                                                                                              (function (w, d, s, l, i) {
        w[l] = w[l] || [];
        w[l].push({
            'gtm.start': new Date().getTime(),
            event: 'gtm.js'
        });
        var f = d.getElementsByTagName(s)[0],
            j = d.createElement(s),
            dl = l != 'dataLayer' ? '&l=' + l : '';
        j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl;
        f.parentNode.insertBefore(j, f);
        j.setAttributeNode(d.createAttribute('data-ot-ignore'));
    })(window, document, 'script', 'sdl', 'GTM-5HNSJRD');
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is related to Twitter's tracking and advertisement functionality. It initializes and tracks page views using Twitter's Universal Website Tag (uwt.js). There are no indications of malicious behavior in this script."
}
                                                                                                                                                                                                                                                                                              !function(d,e,f,a,b,c){d.twq||(a=d.twq=function(){a.exe?a.exe.apply(a,arguments):a.queue.push(arguments)},a.version="1.1",a.queue=[],b=e.createElement(f),b.async=!0,b.src="//static.ads-twitter.com/uwt.js",c=e.getElementsByTagName(f)[0],c.parentNode.insertBefore(b,c))}(window,document,"script");twq("init","o4ls7");twq("track","PageView");
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is related to Google Tag Manager, which is commonly used for tracking and analytics purposes. There are no indications of malicious behavior."
}
                                                                                                                                                                                                                                                                                              dataLayer = [];
    (function (w, d, s, l, i) {
        w[l] = w[l] || []; w[l].push({
            'gtm.start':
                new Date().getTime(), event: 'gtm.js'
        }); var f = d.getElementsByTagName(s)[0],
            j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src =
                '//www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f);
        j.setAttributeNode(d.createAttribute('data-ot-ignore'));
    })(window, document, 'script', 'dataLayer', 'GTM-KFXRTR');
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is a standard implementation of the Hotjar tracking script, which is used for website analytics and user behavior tracking. It does not exhibit any malicious behavior."
}
                                                                                                                                                                                                                                                                                              (function(a,c,e,f,d,b){a.hj=a.hj||function(){(a.hj.q=a.hj.q||[]).push(arguments)};a._hjSettings={hjid:857043,hjsv:6};d=c.getElementsByTagName("head")[0];b=c.createElement("script");b.async=1;b.src=e+a._hjSettings.hjid+f+a._hjSettings.hjsv;d.appendChild(b)})(window,document,"https://static.hotjar.com/c/hotjar-",".js?sv\x3d");
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The code extracts a parameter from the URL and sets it as a cookie. This behavior is common for tracking purposes and does not appear to be malicious. The use of hexadecimal strings and cookie setting is typical for tracking or advertisement functionality."
}
                                                                                                                                                                                                                                                                                              function getParameterByName(a){a=a.toLowerCase();a=a.replace(/[\[]/,"\\[").replace(/[\]]/,"\\]");a=new RegExp("[\\?\x26]"+a+"\x3d([^\x26#]*)");a=a.exec(location.search);return null===a?"":decodeURIComponent(a[1].replace(/\+/g," "))}var cjeventidlwr=getParameterByName("cjevent"),now=new Date,time=now.getTime(),expTime=time+3888E6;now.setTime(expTime);
cjeventidlwr&&(document.cookie="x-cjevent\x3d"+cjeventidlwr+"; expires\x3d"+now.toGMTString()+"; path\x3d/; domain\x3d."+location.hostname.replace(/^www\./i,""));
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The provided JavaScript code primarily deals with event tracking, consent management, and user interaction monitoring, which are common in web analytics and user experience optimization. There is no clear indication of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. However, the use of event listeners and data pushing to an external system (sdl) warrants a low-level risk score due to potential privacy concerns."
}
                                                                                                                                                                                                                                                                                              try{var event=google_tag_manager["rm"]["132702579"](136),ecommItems=google_tag_manager["rm"]["132702579"](139),wl=window.location,trackError=google_tag_manager["rm"]["132702579"](141);window.addEventListener("OneTrustGroupsUpdated",function(){var a=document.cookie.match(/OptanonConsent=.*?(consentId=(.*?)(?=&))/);sdl.push({client:{cmpId:a?a[2]:""},consentGroups:window.OptanonActiveGroups?window.OptanonActiveGroups:"",user:{update:{consent:{}}},event:"user.update.consent"})});ecommItems&&ecommItems.length&&(window.sdl=window.sdl||[],-1<event.indexOf("cbGA4_add_to_cart")?
sdl.push({event:"user.add.products",user:{add:{products:ecommItems}}}):-1<event.indexOf("cbGA4_remove_from_cart")&&sdl.push({event:"user.remove.products",user:{remove:{products:ecommItems}}}));if(-1<wl.href.indexOf("/knowledge")){var initialTime=new Date,endTime=new Date,finishTime=endTime.getTime(),parts=0,scrollHeight,partHeight,scrollDistance,divisible,scrollPercent,article=document.querySelectorAll("[data-id]"),articleId=article[0]&&article[0].dataset?article[0].dataset.id:"";document.addEventListener("scroll",
function(){scrollHeight=document.documentElement.scrollHeight-window.innerHeight;partHeight=scrollHeight/5;scrollDistance=document.documentElement.scrollTop;divisible=Math.trunc(scrollDistance/partHeight);if(parts<divisible&&Infinity!==divisible){scrollPercent=20*divisible;var a={event:"user.read.article",user:{read:{article:{id:articleId,url:wl.href,depth:String(scrollPercent)+"%",readerType:100===scrollPercent?60>Math.round((finishTime/1E3-initialTime)/1E3)?"scanner":"reader":""}}}};sdl.push(a);
parts++}})}}catch(a){console.error(a),trackError("tracking/js/javaScriptEventListeners",a)};
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code primarily interacts with Google Tag Manager for tracking and event handling purposes. It initializes some tracking settings and handles errors. There are no obvious signs of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access to sensitive information. The code appears to be part of a legitimate tracking or analytics setup."
}
                                                                                                                                                                                                                                                                                              (function sdl_hubInit(){var gtm=google_tag_manager["rm"]["132702579"](368);var HTMLid=385;var storageInitialization=google_tag_manager["rm"]["132702579"](372);window.sdlHub=window.sdlHub||{};window.sdlHub.trackError=google_tag_manager["rm"]["132702579"](376);var event=google_tag_manager["rm"]["132702579"](377);try{window.sdlHub.storage=window.initializedMarTechPlatforms;window.sdlHub.getTrackingSettings=google_tag_manager["rm"]["132702579"](378);window.sdlHub.cookieGet=google_tag_manager["rm"]["132702579"](379);window.sdlHub.cookieSet=google_tag_manager["rm"]["132702579"](380);window.sdlHub.eventTransform=google_tag_manager["rm"]["132702579"](384);
window.sdlHub.identifiers=window.sdlHub.identifiers||{};var globalInitFinish=function(){gtm.onHtmlSuccess(HTMLid)};globalInitFinish()}catch(err){window.sdlHub.trackError(event,"sdl.hubInit",err);gtm.onHtmlFailure(HTMLid)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code is primarily focused on Google Analytics functionality, including event tracking, user properties, and product interactions. It does not exhibit any malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code interacts with Google Tag Manager and Google Analytics, which are common tools for web analytics and tracking. Therefore, it is considered safe and poses no risk."
}
                                                                                                                                                                                                                                                                                              (function sdl_google_analytics(){try{var storage=google_tag_manager["rm"]["132702579"](494);var googleAnalytics=google_tag_manager["rm"]["132702579"](542);var config=googleAnalytics.config;var event=google_tag_manager["rm"]["132702579"](544);var screen=google_tag_manager["rm"]["132702579"](546);var order=google_tag_manager["rm"]["132702579"](548);var system=google_tag_manager["rm"]["132702579"](550);var user=google_tag_manager["rm"]["132702579"](552);var eventPage=event==="screen";if(!storage.isPlatformInit("ga4")){var accounts=googleAnalytics._getGaAccount().id;if(!window.sdl_ga4){var x=document.getElementsByTagName("script")[0],s=document.createElement("script");
s.type="text/javascript";s.async=true;s.src="https://www.googletagmanager.com/gtag/js?id\x3d"+accounts[0]+"\x26l\x3dsdl";x.parentNode.insertBefore(s,x);storage.initPlatform("ga4");window.sdl=window.sdl||[];window.sdl_ga4=function(){window.sdl.push(arguments)};window.sdl_ga4("js",new Date)}var trackerParams={};trackerParams.send_page_view=false;if(config.filtersEnabled)trackerParams=config.applyFilters(trackerParams);accounts.forEach(function(account){window.sdl_ga4("config",account,trackerParams);
window.sdl_ga4("set","user_properties",googleAnalytics._setUserProperties())})}if(event==="screen"){googleAnalytics._sendEvent("page_view",{});if(screen.type==="list")if(screen.productLists&&screen.productLists.length)for(var i=0;i<screen.productLists.length;i++){var list=screen.productLists[i];var products=list.products;products.forEach(function(product){product.list=list.code});var gaProducts=[];for(var j=0;j<products.length;j++)gaProducts.push(config.productParams(products[j]));googleAnalytics._sendEvent("view_item_list",
{"item_list_name":list.code,"items":gaProducts})}}else if(event==="order"){if(screen.type==="checkout"){var products=order.products;var gaProducts=[];for(var i=0;i<products.length;i++)gaProducts.push(config.productParams(products[i]));googleAnalytics._sendEvent("checkout_"+screen.name.toLowerCase(),{})}}else if(event==="user.remove.products"||event==="user.add.products"){var products=user&&user.getContext&&user.getContext.products?user.getContext.products:[];var gaProducts=[];for(var i=0;i<products.length;i++)gaProducts.push(config.productParams(products[i]));
googleAnalytics._sendEvent(event==="user.remove.products"?"remove_from_cart":"add_to_cart",{items:gaProducts})}else if(event==="system.order"){var products=order.products;var gaProducts=[];for(var i=0;i<products.length;i++)gaProducts.push(config.productParams(products[i]));googleAnalytics._sendEvent("purchase",config.orderParams(gaProducts))}else{if(event==="user.update.consent")window.sdl_ga4("set","user_properties",googleAnalytics._setUserProperties());var params=config.customEvents(event)||{};
googleAnalytics._sendEvent(googleAnalytics._getEventName(event),params)}google_tag_manager["rm"]["132702579"](554).onHtmlSuccess(559)}catch(err){google_tag_manager["rm"]["132702579"](556)("tracking/js/sdl.google.analytics",
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The code checks for the presence of 'addthis' and 'CCleaner.addThisExtension' objects and adds an event listener if certain conditions are met. While this behavior is not inherently malicious, it is unusual and could potentially be used to manipulate or track user interactions. However, without further context or evidence of harmful actions, the risk is considered low."
}
                                                                                                                                                                                                                                                                                              if (addthis !== undefined && window.CCleaner.addThisExtension !== undefined) {
        if (window.CCleaner.addThisExtension.instances.length > 0) {
            addthis.addEventListener('addthis.ready', window.CCleaner.addThisExtension.instances.first.addthisReady);
        }
    }
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"No form fields for username or password are present in the text.",
"No submit button for login is present in the text."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About us For Home Support CCIeaner We value your privacy < ALL By clicking "0K" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. See Cookies policy. Reject All Manage... 0K CCIeaner Alex Bennett Senior Product Manager With CCIeaner v6.24, we've enhanced cookie cleaning and slightly revamped the user interface to provide quicker access to Software updater, bringing a smoother, more efficient user
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 7,
  "reasons": "The code contains references to 'ccSniffer' and 'CCleaner.sniffer', which suggest it might be attempting to sniff credit card information. Additionally, it accesses various cookies and manipulates them, which could be used for tracking or session hijacking. These behaviors are indicative of potentially malicious activity."
}
                                                                                                                                                                                                                                                                                              try{var ccSniffer=window.CCleaner?window.CCleaner.sniffer:null,orderInfo=window.sdl?window.sdl[0]:{},loc=document.location,cbCart=window.cbCart?window.cbCart:{},consentGroups=google_tag_manager["rm"]["132702579"](147),purchaseCookie=google_tag_manager["rm"]["132702579"](148),getCookie=google_tag_manager["rm"]["132702579"](149),setCookie=google_tag_manager["rm"]["132702579"](150),sdlXParams=google_tag_manager["rm"]["132702579"](151)?google_tag_manager["rm"]["132702579"](152):getCookie("_cc_xsource")?getCookie("_cc_xsource"):null,xParams={},locale=orderInfo.languageCountry?orderInfo.languageCountry.toLowerCase():getCookie("_cc_langChoice")?
getCookie("_cc_langChoice").toLowerCase():"en-ww",event=google_tag_manager["rm"]["132702579"](153),trackError=google_tag_manager["rm"]["132702579"](155);sdlXParams&&(Array.isArray(sdlXParams)?sdlXParams.forEach(function(b){for(var c in b)xParams[c]=b[c]}):typeof("string"===sdlXParams)&&sdlXParams.split("\x26").forEach(function(b){b&&(xParams[b.split("\x3d")[0]]=b.split("\x3d")[1])}));var checkoutInfo=function(){var b=orderInfo&&orderInfo.configParameterName?orderInfo.configParameterName:null,c={name:"N/A",account:"N/A",lob:"N/A",platform:"N/A"},
a=[{name:"inapp2021",account:"502",lob:"consumer",platform:"ipm"},{name:"piriform18_nr",account:"502",lob:"consumer",platform:"web"},{name:"inapp2021_nr",account:"502",lob:"consumer",platform:"ipm"},{name:"piriform18",account:"502",lob:"consumer",platform:"web"},{name:"piriform18_ps_nr",account:"502",lob:"consumer",platform:"web"},{name:"piriform18_ps",account:"502",lob:"consumer",platform:"web"},{name:"piriform18_ps_email_nr",account:"502",lob:"consumer",platform:"web"},{name:"piriform18_ps_email",
account:"502",lob:"consumer",platform:"web"},{name:"piriform16",account:"502",lob:"consumer",platform:"web"},{name:"piriform18-b2b_nr",account:"502",lob:"business",platform:"web"},{name:"piriform18-b2b",account:"502",lob:"business",platform:"web"},{name:"piriform18-b2b-cloud",account:"502",lob:"business",platform:"web"},{name:"inapp2015_nr",account:"502",lob:"consumer",platform:"ipm"},{name:"piriform18_clx13061",account:"502",lob:"consumer",platform:"web"},{name:"piriform18_ps",account:"1664",lob:"business",
platform:"web"},{name:"piriform18-b2b-cloud",account:"1664",lob:"business",platform:"web"},{name:"piriform18-b2b",account:"1664",lob:"business",platform:"web"}];return b?(a=a.filter(function(d){return d.name===b&&(d.account===cbCart.clientId||d.account===String(window.cid?window.cid:""))}),a[0]||c):c},checkoutInfoData=checkoutInfo(),screenCatType=function(b,c){var a={category:"",type:"",lob:"",provider:"",env:""};switch(b){case "www.ccleaner.com":-1<c.indexOf("/knowledge")?(a.category="blog",a.type=
"blog",a.lob="consumer"):c.match(/^\/$|^\/[a-z]{2}-[a-z]{2}(\/)?$/)?(a.category="core",a.type="homepage",a.lob="consumer"):-1<c.indexOf("/business")?(a.category="core",a.type="other",a.lob="business"):(a.category="core",a.type="other",a.lob="consumer");a.provider="Umbraco_CMS"
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The code appears to be part of a performance monitoring or analytics script, likely from a service like Boomerang or Akamai. It does not exhibit any obvious malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The presence of tracking or advertisement functionality is considered no risk as per the given instructions."
}
                                                                                                                                                                                                                                                                                              !function(e){var n="https://s.go-mpulse.net/boomerang/";if("False"=="True")e.BOOMR_config=e.BOOMR_config||{},e.BOOMR_config.PageParams=e.BOOMR_config.PageParams||{},e.BOOMR_config.PageParams.pci=!0,n="https://s2.go-mpulse.net/boomerang/";if(window.BOOMR_API_key="KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL",function(){function e(){if(!o){var e=document.createElement("script");e.id="boomr-scr-as",e.src=window.BOOMR.url,e.async=!0,i.parentNode.appendChild(e),o=!0}}function t(e){o=!0;var n,t,a,r,d=document,O=window;if(window.BOOMR.snippetMethod=e?"if":"i",t=function(e,n){var t=d.createElement("script");t.id=n||"boomr-if-as",t.src=window.BOOMR.url,BOOMR_lstart=(new Date).getTime(),e=e||d.body,e.appendChild(t)},!window.addEventListener&&window.attachEvent&&navigator.userAgent.match(/MSIE [67]\./))return window.BOOMR.snippetMethod="s",void t(i.parentNode,"boomr-async");a=document.createElement("IFRAME"),a.src="about:blank",a.title="",a.role="presentation",a.loading="eager",r=(a.frameElement||a).style,r.width=0,r.height=0,r.border=0,r.display="none",i.parentNode.appendChild(a);try{O=a.contentWindow,d=O.document.open()}catch(_){n=document.domain,a.src="javascript:var d=document.open();d.domain='"+n+"';void(0);",O=a.contentWindow,d=O.document.open()}if(n)d._boomrl=function(){this.domain=n,t()},d.write("<bo"+"dy onload='document._boomrl();'>");else if(O._boomrl=function(){t()},O.addEventListener)O.addEventListener("load",O._boomrl,!1);else if(O.attachEvent)O.attachEvent("onload",O._boomrl);d.close()}function a(e){window.BOOMR_onload=e&&e.timeStamp||(new Date).getTime()}if(!window.BOOMR||!window.BOOMR.version&&!window.BOOMR.snippetExecuted){window.BOOMR=window.BOOMR||{},window.BOOMR.snippetStart=(new Date).getTime(),window.BOOMR.snippetExecuted=!0,window.BOOMR.snippetVersion=12,window.BOOMR.url=n+"KHFPC-EEZSQ-MPDZF-9BJVS-S3BCL";var i=document.currentScript||document.getElementsByTagName("script")[0],o=!1,r=document.createElement("link");if(r.relList&&"function"==typeof r.relList.supports&&r.relList.supports("preload")&&"as"in r)window.BOOMR.snippetMethod="p",r.href=window.BOOMR.url,r.rel="preload",r.as="script",r.addEventListener("load",e),r.addEventListener("error",function(){t(!0)}),setTimeout(function(){if(!o)t(!0)},3e3),BOOMR_lstart=(new Date).getTime(),i.parentNode.appendChild(r);else t(!1);if(window.addEventListener)window.addEventListener("load",a,!1);else if(window.attachEvent)window.attachEvent("onload",a)}}(),"".length>0)if(e&&"performance"in e&&e.performance&&"function"==typeof e.performance.setResourceTimingBufferSize)e.performance.setResourceTimingBufferSize();!function(){if(BOOMR=e.BOOMR||{},BOOMR.plugins=BOOMR.plugins||{},!BOOMR.plugins.AK){var n=""=="true"?1:0,t="",a="m2stawaxh2usmzstf22a-f-b85744749-clientnsv4-s.akamaihd.net",i="false"=="true"?2:1,o={"ak.v":"37","ak.cp":"1237232","ak.ai":parseInt("733567",10),"ak.ol":"0","ak.cr":98,"ak.ipv":4,"ak.proto":"http/1.1","ak.rid":"d0aab3a","ak.r":41744,"ak.a2":n,"ak.m":"dsca","ak.n":"essl","ak.bpcip":"102.165.48
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The code primarily interacts with Google Tag Manager, which is commonly used for tracking and analytics purposes. The presence of long random hexadecimal strings is noted but considered no risk. The code does not appear to perform any actions that are inherently malicious, such as stealing user data or injecting harmful scripts. However, it does collect and push event data, which could be a privacy concern if misused."
}
                                                                                                                                                                                                                                                                                              (function sdl_eventInit(){var gtm=google_tag_manager["rm"]["132702579"](23);var HTMLid=128;var trackError=google_tag_manager["rm"]["132702579"](25);try{var eventId=google_tag_manager["rm"]["132702579"](26);var event=google_tag_manager["rm"]["132702579"](27);var screen=google_tag_manager["rm"]["132702579"](39);var session=google_tag_manager["rm"]["132702579"](51);var system=google_tag_manager["rm"]["132702579"](65);var order=google_tag_manager["rm"]["132702579"](77);var user=google_tag_manager["rm"]["132702579"](91);var client=google_tag_manager["rm"]["132702579"](103);var server=google_tag_manager["rm"]["132702579"](115);var consentGroups=google_tag_manager["rm"]["132702579"](127);window.sdlHub[eventId]={"event":event,
"screen":screen,"session":session,"order":order,"system":system,"user":user,"client":client,"server":server,"consentGroups":consentGroups};if(event!=="user.update.consent")window.sdl.push({"event":"sdl."+window.sdlHub.eventTransform(event),"sdlEventID":eventId})}catch(err){trackError("tracking/js/sdl.eventInit",err)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The code appears to be a tracking script from Yahoo (YAHOO.ywa.I13N.fireBeacon) and does not exhibit any immediate signs of malicious behavior. It loads an external script from a Yahoo domain and pushes tracking data. There is no evidence of phishing or other harmful activities."
}
                                                                                                                                                                                                                                                                                              (function(a,c,e,k,b){a[b]=a[b]||[];a[b].push({projectId:"10000",properties:{pixelId:"10180940",he:"\x3cemail_address\x3e"}});var d=c.createElement(e);d.src=k;d.async=!0;d.onload=d.onreadystatechange=function(){var f=this.readyState,l=a[b];if(!f||"complete"==f||"loaded"==f)try{var g=YAHOO.ywa.I13N.fireBeacon;a[b]=[];a[b].push=function(h){g([h])};g(l)}catch(h){}};c=c.getElementsByTagName(e)[0];e=c.parentNode;e.insertBefore(d,c)})(window,document,"script","https://s.yimg.com/wi/ytc.js","dotq");
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be related to tracking and event handling using Google Tag Manager. It does not exhibit any obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code primarily initializes event tracking and handles errors, which is typical for analytics and tracking purposes."
}
                                                                                                                                                                                                                                                                                              (function sdl_eventInit(){var gtm=google_tag_manager["rm"]["132702579"](387);var HTMLid=492;var trackError=google_tag_manager["rm"]["132702579"](389);try{var eventId=google_tag_manager["rm"]["132702579"](390);var event=google_tag_manager["rm"]["132702579"](391);var screen=google_tag_manager["rm"]["132702579"](403);var session=google_tag_manager["rm"]["132702579"](415);var system=google_tag_manager["rm"]["132702579"](429);var order=google_tag_manager["rm"]["132702579"](441);var user=google_tag_manager["rm"]["132702579"](455);var client=google_tag_manager["rm"]["132702579"](467);var server=google_tag_manager["rm"]["132702579"](479);var consentGroups=google_tag_manager["rm"]["132702579"](491);window.sdlHub[eventId]={"event":event,
"screen":screen,"session":session,"order":order,"system":system,"user":user,"client":client,"server":server,"consentGroups":consentGroups};if(event!=="user.update.consent")window.sdl.push({"event":"sdl."+window.sdlHub.eventTransform(event),"sdlEventID":eventId})}catch(err){trackError("tracking/js/sdl.eventInit",err)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The code appears to be part of Visual Website Optimizer (VWO), a legitimate A/B testing and conversion optimization tool. It includes functionality to load external scripts and modify the page's opacity, which is typical for such tools to prevent flickering during A/B tests. There are no obvious signs of malicious behavior such as data exfiltration or credential harvesting. The risk score is low, but as with any external script loading, there is a minimal inherent risk."
}
                                                                                                                                                                                                                                                                                              var _vwo_code=(function(){
var account_id=176159,
settings_tolerance=2000,
library_tolerance=2500,
use_existing_jquery=false,

f=false,d=document;return{use_existing_jquery:function(){return use_existing_jquery;},library_tolerance:function(){return library_tolerance;},finish:function(){if(!f){f=true;var a=d.getElementById('_vis_opt_path_hides');if(a)a.parentNode.removeChild(a);}},finished:function(){return f;},load:function(a){var b=d.createElement('script');b.src=a;b.type='text/javascript';b.innerText;b.onerror=function(){_vwo_code.finish();};d.getElementsByTagName('head')[0].appendChild(b);},init:function(){settings_timer=setTimeout('_vwo_code.finish()',settings_tolerance);var a=d.createElement('style'),b='body{opacity:0 !important;filter:alpha(opacity=0) !important;background:none !important;}',h=d.getElementsByTagName('head')[0];a.setAttribute('id','_vis_opt_path_hides');a.setAttribute('type','text/css');if(a.styleSheet)a.styleSheet.cssText=b;else a.appendChild(d.createTextNode(b));h.appendChild(a);this.load('//dev.visualwebsiteoptimizer.com/j.php?a='+account_id+'&u='+encodeURIComponent(d.URL)+'&r='+Math.random());return settings_timer;}};}());_vwo_settings_timer=_vwo_code.init();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code primarily interacts with Google Tag Manager and appears to be related to tracking and error handling functionality. There are no indications of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access. The use of long random hexadecimal strings is considered no risk."
}
                                                                                                                                                                                                                                                                                              (function sdl_hubInit(){var gtm=google_tag_manager["rm"]["132702579"](4);var HTMLid=21;var storageInitialization=google_tag_manager["rm"]["132702579"](8);window.sdlHub=window.sdlHub||{};window.sdlHub.trackError=google_tag_manager["rm"]["132702579"](12);var event=google_tag_manager["rm"]["132702579"](13);try{window.sdlHub.storage=window.initializedMarTechPlatforms;window.sdlHub.getTrackingSettings=google_tag_manager["rm"]["132702579"](14);window.sdlHub.cookieGet=google_tag_manager["rm"]["132702579"](15);window.sdlHub.cookieSet=google_tag_manager["rm"]["132702579"](16);window.sdlHub.eventTransform=google_tag_manager["rm"]["132702579"](20);
window.sdlHub.identifiers=window.sdlHub.identifiers||{};var globalInitFinish=function(){gtm.onHtmlSuccess(HTMLid)};globalInitFinish()}catch(err){window.sdlHub.trackError(event,"sdl.hubInit",err);gtm.onHtmlFailure(HTMLid)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code primarily interacts with Google Tag Manager for tracking and event handling purposes. It initializes various tracking settings and handles errors. There are no indications of malicious behavior such as data exfiltration, credential harvesting, or unauthorized access attempts. The code is focused on tracking and advertisement functionality, which is considered no risk."
}
                                                                                                                                                                                                                                                                                              (function sdl_hubInit(){var gtm=google_tag_manager["rm"]["132702579"](161);var HTMLid=178;var storageInitialization=google_tag_manager["rm"]["132702579"](165);window.sdlHub=window.sdlHub||{};window.sdlHub.trackError=google_tag_manager["rm"]["132702579"](169);var event=google_tag_manager["rm"]["132702579"](170);try{window.sdlHub.storage=window.initializedMarTechPlatforms;window.sdlHub.getTrackingSettings=google_tag_manager["rm"]["132702579"](171);window.sdlHub.cookieGet=google_tag_manager["rm"]["132702579"](172);window.sdlHub.cookieSet=google_tag_manager["rm"]["132702579"](173);window.sdlHub.eventTransform=google_tag_manager["rm"]["132702579"](177);
window.sdlHub.identifiers=window.sdlHub.identifiers||{};var globalInitFinish=function(){gtm.onHtmlSuccess(HTMLid)};globalInitFinish()}catch(err){window.sdlHub.trackError(event,"sdl.hubInit",err);gtm.onHtmlFailure(HTMLid)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The code appears to be related to tracking and event management, likely for analytics purposes. It does not exhibit typical malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The use of 'google_tag_manager' and event tracking suggests it is part of a legitimate tracking or analytics system. However, the obfuscated nature of the code and the lack of context about 'google_tag_manager' functions warrant a low-risk score."
}
                                                                                                                                                                                                                                                                                              (function sdl_eventInit(){var gtm=google_tag_manager["rm"]["132702579"](180);var HTMLid=285;var trackError=google_tag_manager["rm"]["132702579"](182);try{var eventId=google_tag_manager["rm"]["132702579"](183);var event=google_tag_manager["rm"]["132702579"](184);var screen=google_tag_manager["rm"]["132702579"](196);var session=google_tag_manager["rm"]["132702579"](208);var system=google_tag_manager["rm"]["132702579"](222);var order=google_tag_manager["rm"]["132702579"](234);var user=google_tag_manager["rm"]["132702579"](248);var client=google_tag_manager["rm"]["132702579"](260);var server=google_tag_manager["rm"]["132702579"](272);var consentGroups=google_tag_manager["rm"]["132702579"](284);window.sdlHub[eventId]={"event":event,
"screen":screen,"session":session,"order":order,"system":system,"user":user,"client":client,"server":server,"consentGroups":consentGroups};if(event!=="user.update.consent")window.sdl.push({"event":"sdl."+window.sdlHub.eventTransform(event),"sdlEventID":eventId})}catch(err){trackError("tracking/js/sdl.eventInit",err)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 0,
  "reasons": "The provided JavaScript code appears to be related to Outbrain, a content marketing platform. It includes a marketer ID and loads an external script from amplify.outbrain.com. There are no indications of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. The code is primarily for tracking and advertisement purposes, which is considered no risk."
}
                                                                                                                                                                                                                                                                                              !function(a,b){var e="001ac0827d67b7b38319c9517e7fa2f4cc";if(a.obApi)b=function(d){return"[object Array]"===Object.prototype.toString.call(d)?d:[d]},a.obApi.marketerId=b(a.obApi.marketerId).concat(b(e));else{var c=a.obApi=function(){c.dispatch?c.dispatch.apply(c,arguments):c.queue.push(arguments)};c.version="1.1";c.loaded=!0;c.marketerId=e;c.queue=[];a=b.createElement("script");a.async=!0;a.src="//amplify.outbrain.com/cp/obtp.js";a.type="text/javascript";b=b.getElementsByTagName("script")[0];b.parentNode.insertBefore(a,
b)}}(window,document);obApi("track","PAGE_VIEW");
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The provided JavaScript code primarily deals with URL parameters, cookies, and referrer information, which are common in tracking and affiliate marketing. There are no obvious signs of malicious behavior such as data exfiltration, credential stealing, or unauthorized access. However, the code does manipulate cookies and URL parameters, which could potentially be used in a more complex malicious context. Given the context provided, the risk is low but not zero."
}
                                                                                                                                                                                                                                                                                              function getTopLevelDomain_(a){if(!a)return"direct";var b=document.createElement("a");b.href=a;try{return b.hostname.match(/^(www\.)?(.+?)(\/.*)?$/)[2]}catch(c){return""}}function getAllUrlParameters_(a){var b={},c=document.createElement("a");c.href=a.toLowerCase();a=c.search.substring(1);a=a.split("\x26");for(c=0;c<a.length;c++){var d=a[c].split("\x3d");b[d[0]]=decodeURIComponent(d[1])}return b}
function getCookie_(a){var b="; "+document.cookie;a=b.split("; "+a+"\x3d");if(1<a.length)return a.pop().split(";")[0]}function containsKnownReferrer(a){return knownReferrers.hasOwnProperty(a)?"known":"unknown"}function selectAffSource(){return affSource=urlParametersArray.includes("affiliate")?"avantgate":allUrlParameters.utm_source.toLowerCase().includes("a8")?"a8":Object.keys(affiliates).includes(allUrlParameters.utm_source)?allUrlParameters.utm_source:"other"}
function affiliateSegmentCode(){return urlParametersArray.includes("affiliate")?affiliates[selectAffSource()]:allUrlParameters.hasOwnProperty("utm_medium")?"affiliate"==allUrlParameters.utm_medium.toLowerCase()?affiliates[selectAffSource()]:"":""}function isCampaignSet(){return allUrlParameters.hasOwnProperty("utm_campaign")?allUrlParameters.utm_campaign:"(not set)"}function isMediumSet(){return allUrlParameters.hasOwnProperty("utm_medium")?allUrlParameters.utm_medium:"(not set)"}
function isSourceSet(){return allUrlParameters.hasOwnProperty("utm_source")?allUrlParameters.utm_source:"(not set)"}function trSrcCode_(){var a=new Date,b=a.getFullYear()-2016;a=a.getMonth();return b=output.srcSegment+"_"+output.segmentCode+b+monthSymbol[a]}function iniSrcCode_(){var a="source\x3d"+output.name+"|medium\x3d"+output.medium+"|campaign\x3d"+output.campaign+"|segmentCode\x3d"+output.segmentCode;return a}function iniSrc_trSrc(a,b){return trSrcCode_()+"||"+iniSrcCode_()}
function isPpcSegmentCode(){return allUrlParameters.hasOwnProperty("ppc")?allUrlParameters.ppc.charAt(0):""}function referringDomainCheck(){return"direct"==referringDomain&&"seznam"==allUrlParameters.utm_source?"seznam":referringDomain}function createCookie_(a,b,c,d,e){getCookie_(a)||(a=a+"\x3d"+b+";",c&&(a+="Expires\x3d"+c.toGMTString()+";"),d&&(a+="Path\x3d"+d+";"),e&&(a+="Domain\x3d"+e+";"),document.cookie=a)}
function setCookieExpiration_(){return document.location.href.includes("secureline")||document.location.href.includes("vpn")||document.location.href.includes("hidemyass")?72:document.location.href.includes("omni")?72:2}function includes(a,b){return 0<=b.indexOf(a)?!0:!1}function getPageId_(){if(dataLayer)for(var a=0;a<dataLayer.length;a++){if(dataLayer[a].hasOwnProperty("pageId"))return dataLayer[a].pageId}else return"0"}
function ppcSrcSegment_(){return allUrlParameters.hasOwnProperty("ppc_code")?allUrlParameters.ppc_code:"001"}
var topLevelDomain=getTopLevelDomain_(document.location.hostname),referringDomain=getTopLevelDomain_(document.referrer).split(".")[0],hostnameWithTLD=getTopLevelDomain_(document.referrer),allUrlParameters=ge
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The provided JavaScript code primarily deals with tracking and setting cookies related to traffic sources. It does not appear to perform any malicious actions such as stealing user data, injecting malicious scripts, or redirecting users to phishing sites. The code uses Google Tag Manager functions and sets cookies based on traffic source information. However, it does access and manipulate cookies and localStorage, which could potentially be used for tracking purposes. This is why a minimal risk score is assigned."
}
                                                                                                                                                                                                                                                                                              (function(){try{var a=google_tag_manager["rm"]["132702579"](131),f=google_tag_manager["rm"]["132702579"](132),g=google_tag_manager["rm"]["132702579"](133),c={},p=function(b){var n="abcdefghijkl".split(""),e=new Date,d=e.getFullYear()-2016;d=9<d?n[d-10]:d;e=e.getMonth();return b=b.srcSegment+"_"+b.segmentCode+d+n[e]},u=function(b){return b="source\x3d"+b.name+"|medium\x3d"+b.medium+"|campaign\x3d"+b.campaign+"|segmentCode\x3d"+b.segmentCode},h=a.trafficSources,k;for(k in h)h[k].condition&&(c=h[k]);Object.keys(c).length||(c={name:"(Other)",medium:"(none)",source:"(not set)",
srcSegment:"007",segmentCode:"z",campaign:"(not set)"});var l=g(a.trSrcCookieName);localStorage.getItem("_cc_trSrc");if(a.topLevelDomain.split(".")[1]!==a.referringDomain.split(".")[1]){var q=g(a.srcCookieName),r=p(c)+"||"+u(c),t=p(c);var m=/secureline|vpn|hidemyass|omni/.test(document.location.pathname)?3:2/24;q&&q===r||f(a.srcCookieName,r,m,a.topLevelDomain);l&&l===t||f(a.trSrcCookieName,t,m,a.topLevelDomain);a.full_trSrc&&f("test_FULL_trSrc",a.full_trSrc,m,a.topLevelDomain)}l=g(a.trSrcCookieName)}catch(b){google_tag_manager["rm"]["132702579"](135)("tracking/js/TrafficSourceCookies",
b)}})();
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 1,
  "reasons": "The provided JavaScript code appears to be parsing and manipulating the URL to extract and format certain parts of it. It also sets up an analytics object with various properties related to the page content and structure. There are no obvious signs of malicious behavior such as data exfiltration, unauthorized access, or harmful actions. The code seems to be related to site analytics, which is generally low risk. However, as a precaution, a minimal risk score is assigned due to the potential for misuse in different contexts."
}
                                                                                                                                                                                                                                                                                              var pageurl = "/knowledge/ccleaner-v6-24-11060";
    if (pageurl.match(/\/?([a-z]{2}-[a-z]{2})\//)) {
        pageurl = pageurl.replace(pageurl.match(/\/?([a-z]{2}-[a-z]{2})\//)[0], '');
    }
    var regexPattern = /\/?([a-z0-9-]*)\//;
    var subsection = "";
    var subsubsection = "";
    var pagename = "";

    if (subsection === '') {
        subsection = (pageurl.match(regexPattern))[0];
        pageurl = pageurl.replaceAll(subsection, '');

        if (pageurl.search('/') >= 0 && subsubsection === '') {
            subsubsection = (pageurl.match(regexPattern))[0];
            pageurl = pageurl.replace(subsubsection, '');
        }

        if (pagename === '') {
            pagename = pageurl.replace(pageurl.match(/\?([a-z0-9-=]*)/), '');
        }
    }

    var nortonAnalytics = {
        "account": "symanteccom",
        "site_country": "en-US".match(/(?<=-)(.)+$/)[0].toLowerCase(),
        "site_language": "en-US".match(/^(.)+(?=-)/)[0].toLowerCase(),
        "content_title": "CCleaner v6.24.11060",
        "content_format": "html",
        "content_type": "page",
        "site_section": "ccleaner",
        "site_sub_section": subsection.replaceAll('/', ''),
        "site_sub_sub_section": subsubsection.replaceAll('/', ''),
        "page_name": pagename,
    };
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"No form fields for username or password were found in the text.",
"No submit button for the login form was found in the text.",
"The text is focused on cookie policy and does not contain a login form."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About us For Home Support CCIeaner We value your privacy < ALL By clicking "0K" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. See Cookies policy. Reject All Manage... 0K CCIeaner Alex Bennett Senior Product Manager With CCIeaner v6.24, we've enhanced cookie cleaning and slightly revamped the user interface to provide quicker access to Software updater, bringing a smoother, more efficient user
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"No form fields for username or password are present in the text.",
"No submit button for login is present in the text."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About us For Home Support CCIeaner We value your privacy < ALL By clicking "0K" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. See Cookies policy. Reject All Manage... 0K CCIeaner Alex Bennett Senior Product Manager With CCIeaner v6.24, we've enhanced cookie cleaning and slightly revamped the user interface to provide quicker access to Software updater, bringing a smoother, more efficient user
                                                                                                                                                                                                                                                                                              URL: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"No form fields for username or password are present in the text.",
"No form submission method (e.g. POST) is mentioned in the text."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About Us For Home Support Search the knowledge center. _ < ALL I
                                                                                                                                                                                                                                                                                              URL: https://www.ccleaner.com/knowledge/ccleaner-v6-24-11060?cv=v6-24-11060 Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 7,
  "reasons": "The script sets and reads cookies, which can be used for tracking, but it also dynamically loads an external script from a potentially suspicious domain (gendigital.siteintercept.qualtrics.com). This behavior can be used for malicious purposes such as injecting harmful code or phishing. The use of random hexadecimal strings is noted but not considered risky in itself."
}
                                                                                                                                                                                                                                                                                              (function(){var l=function(e,g,f,h){this.get=function(a){a+="\x3d";for(var b=document.cookie.split(";"),c=0,k=b.length;c<k;c++){for(var d=b[c];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};this.set=function(a,b){var c=new Date;c.setTime(c.getTime()+6048E5);c="; expires\x3d"+c.toGMTString();document.cookie=a+"\x3d"+b+c+"; path\x3d/; "};this.check=function(){var a=this.get(f);if(a)a=a.split(":");else if(100!=e)"v"==g&&(e=Math.random()>=
e/100?0:100),a=[g,e,0],this.set(f,a.join(":"));else return!0;var b=a[1];if(100==b)return!0;switch(a[0]){case "v":return!1;case "r":return b=a[2]%Math.floor(100/b),a[2]++,this.set(f,a.join(":")),!b}return!0};this.go=function(){if(this.check()){var a=document.createElement("script");a.type="text/javascript";a.src=h;document.body&&document.body.appendChild(a)}};this.start=function(){var a=this;"complete"!==document.readyState?window.addEventListener?window.addEventListener("load",function(){a.go()},
!1):window.attachEvent&&window.attachEvent("onload",function(){a.go()}):a.go()}};try{(new l(100,"r","QSI_S_ZN_4I1jhjmxub1NC6y","https://zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.com/SIE/?Q_ZID\x3dZN_4I1jhjmxub1NC6y")).start()}catch(e){}})();
                                                                                                                                                                                                                                                                                              URL: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com Model: Perplexity: mixtral-8x7b-instruct
                                                                                                                                                                                                                                                                                              {
"loginform": false,
"reasons": [
"No form fields for username or password are present in the text.",
"No submit button for the login form is present in the text."
]
}
                                                                                                                                                                                                                                                                                              CCIeaner 6 EN For Business Download About us For Home Support CCIeaner We value your privacy < ALL By clicking "0K" you allow cookies that improve your experience on our site, help us analyze site performance and usage, and enable us to show relevant marketing content. You can manage cookie settings below. See Cookies policy. Reject All Manage... 0K CCIeaner Alex Bennett Senior Product Manager With CCIeaner v6.24, we've enhanced cookie cleaning and slightly revamped the user interface to provide quicker access to Software updater, bringing a smoother, more efficient user
                                                                                                                                                                                                                                                                                              URL: https://symantec.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwww.ccleaner.com Model: gpt-4o
                                                                                                                                                                                                                                                                                              ```json
{
  "riskscore": 2,
  "reasons": "The JavaScript code appears to be part of a legitimate tracking or advertisement functionality, specifically related to Demdex (Adobe Audience Manager). It handles cookies, sets secure attributes, and processes messages. There are no obvious signs of malicious behavior such as data exfiltration, keylogging, or unauthorized access to sensitive information. However, it does manipulate cookies and interacts with the parent window, which could be used maliciously in other contexts. Therefore, a low risk score is assigned."
}
                                                                                                                                                                                                                                                                                              var Demdex={version:"6.2",dest:"5",PROTOCOL:"https:"==document.location.protocol?"https:":"http:",COOKIE_DOMAIN:function(){var a=document.domain;/demdex\.net$/i.test(a)&&(a=".demdex.net");return a}(),SIX_MONTHS_IN_MINUTES:259200,THREAD_YIELDING_DELAY:100,errorReportingEnabled:!1,sent:[],errored:[],timesDextpWasCleared:0,dpids:null,cbmacros:["%timestamp%","%rnd%","%did%","%http_proto%"],validators:{isPopulatedString:function(a){return"string"==typeof a&&a.length}},addListener:function(){if(document.addEventListener)return function(a,
b,c){a.addEventListener(b,function(a){"function"==typeof c&&c(a)},!1)};if(document.attachEvent)return function(a,b,c){a.attachEvent("on"+b,function(a){"function"==typeof c&&c(a)})}}(),replaceMacro:function(a){var b;if("%rnd%"==a||"%timestamp%"==a)return""+(new Date).getTime();if("%did%"==a){if(this.dpids===Object(this.dpids)&&this.validators.isPopulatedString(this.dpids.uuid))return this.dpids.uuid;if(b=this.getCookie("demdex"))return b.replace(/==/g,"").replace(/:/,"-")}return"%http_proto%"==a?"https:"==
document.location.protocol?"https":"http":a},canSetCookie:function(){var a,b;return navigator.cookieEnabled&&(a=this.getCookie("demdex"),a||(this.setCookie("_dp","1",1,"/",this.COOKIE_DOMAIN,!1),b=this.getCookie("_dp")),a||b)?(this.setCookie("_dp","1",-1E3,"/",this.COOKIE_DOMAIN,!1),!0):!1},getCookie:function(a){a+="=";var b=document.cookie.split(";"),c,g,d;c=0;for(g=b.length;c<g;c++){for(d=b[c];" "==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return decodeURIComponent(d.substring(a.length,
d.length))}return null},setCookie:function(a,b,c,g,d,e){var f=new Date;c&&(c*=6E4);document.cookie=a+"="+b+(c?";expires="+(new Date(f.getTime()+c)).toUTCString():"")+(g?";path="+g:"")+(d?";domain="+d:"")+(e||"https:"===this.PROTOCOL?";secure":"")+";SameSite=None"},sendMessage:function(a){a=encodeURIComponent("---destpub-to-parent---")+a;this.xd.parentUrl||(this.xd.parentUrl=decodeURIComponent(document.location.hash.replace(/^#/,"")));this.xd.postMessage(a,this.xd.parentUrl,parent);return a},onMessage:function(a){try{var b=
this.getCookie("demdex")||"",c=this.getCookie("DexLifeCycle")||"";if(!(b.match(/^DID:/)||b.match(/^NOTARGET/)||b.match(/dv2:jY0wRKU\/M28\/lvlLHbINBA==/)||c.match(/^NOTARGET/))){var b=/^---destpub-debug---/,c=/^---destpub---/,g=/^---destpub-combined---/,d=/^---destpub-clear-dextp---/;if("string"!==typeof a)return"Invalid message received";d.test(a)&&(this.setCookie("dextp","",-1E3,"/",this.COOKIE_DOMAIN,!1),this.timesDextpWasCleared++,a=a.replace(d,""));if(b.test(a)||c.test(a)||g.test(a)){if(b.test(a))this.errorReportingEnabled=
!0,a=a.replace(b,"");else if(c.test(a))a=a.replace(c,"");else if(g.test(a)){a=a.replace(g,"");var e=a.split("%01");this.processThreadYieldedMessages(e);return}this.processMessage(a)}else return"Invalid message received"}}catch(f){this.fireErrorPixel("Error in Demdex.onMessage function: "+f.message)}},processThreadYieldedMessages:function(a){var b=this;this.processMessage(a.s

                                                                                                                                                                                                                                                                                              Joe Sandbox View / Context

                                                                                                                                                                                                                                                                                              IPs

                                                                                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                                                                                              Domains

                                                                                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                                                                                              ASNs

                                                                                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                                                                                                                              No context

                                                                                                                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCUpdate.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):714256
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.717097807562694
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:VBkGdCMw6KJx17OeNg086YN/ggggMDMCy/VmuqLZeviFGQ2mfzAuEUVoFY:VBkeFw62+ggggMvGmev/6ZEUVoFY
                                                                                                                                                                                                                                                                                              MD5:0F0B90A01F049665CA511335F9F0BF2E
                                                                                                                                                                                                                                                                                              SHA1:BAF4016E50050B24925437864BFB3C19D0BAA901
                                                                                                                                                                                                                                                                                              SHA-256:4AD9635351C8E8579C4D4C2BDD679EA7B135EC329ADC6FD5D8211255E2E666BE
                                                                                                                                                                                                                                                                                              SHA-512:44DA936D020E857BF3BFA2BCC7A91182DA9C1F320FE041BB2836D4E8AE99D4B939EA27842B49B9A2CD24E09C7698579617584D431A2B2F7EAFDAFA1FB9A59C50
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........d..........pw.....pw..k...pw.....pw......y`.....y......y......y......pw......p.....9k.....}.....pw..................ap.....by......by.....byb..........by.....Rich....................PE..L......c...............".............R.......0....@.......................................@.....................................@........................B.......Y..........................@...........@............0..0............................text...!........................... ..`.rdata..B....0......................@..@.data...X8...@......................@....rsrc................0..............@..@.reloc...Y.......Z...J..............@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleaner.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):39169952
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.007950344420559
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:393216:e7qbJxEMwFak0aUYc58Wa5BMfDaYvaWBv9Lls+wk6rqNuw+Aufj+PhSp0DuAeCY/:KqVxXoFUO5kaH+qw+AuqPsBJk
                                                                                                                                                                                                                                                                                              MD5:AB264CBE086494E6E4F57E1975F032EC
                                                                                                                                                                                                                                                                                              SHA1:655C056E8C5B27E6077CF768CCF4E0A22A11438A
                                                                                                                                                                                                                                                                                              SHA-256:D5F775DE69F56F2CD1051AA0EC43BBC39D5723E69E441BEA621A8BB81AF0394E
                                                                                                                                                                                                                                                                                              SHA-512:E42505AEC83084567A5C91288BFECD31CC2CBEF610566E9DCF7F771D8EAC163EC283147D1ED1DED3D7280FC2DC43250FD672ACF310E7A79F06977186FFFA74BC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......x..<..<..<................2....+.,.....+................6.....:...........G..(..8.....=.....6.....:.....=...........:..j.....5.E.>..<..T..<.....j........s.....=....).=..<.A.8.....=..Rich<..................PE..L....'f...............'..4...B...............5...@...........................w.......U...@...................................D...................H.U.X)....d..U...^d.T...................@_d.....H.K.@.............5.T...<.......................text...<.4.......4................. ..`.rdata...8W...5..:W...4.............@..@.data...42=..@.......$..............@....didat..............................@....rsrc................2..............@..@.reloc...U....d..V...0B.............@..B........................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleaner64.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45430176
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.851362161330396
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:393216:/f3Inpz3Jq4yMrIuf7tLvUpXPHvJT/l8uXHMJU7IPb8zKM9rqN/sw+AJQ+PhSp08:/vcDJx25MJU74Hsw+AJPPsBJ
                                                                                                                                                                                                                                                                                              MD5:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              SHA1:927AAE4306E78B5793046E43447ED4E246D69598
                                                                                                                                                                                                                                                                                              SHA-256:0604F0D27369B2F9D2546884139ADD0B3139749A2DF724CFF510396722BBF44B
                                                                                                                                                                                                                                                                                              SHA-512:7C3BDF0ED6550FBBC65CAFA5F4F0D90A6941A3DED598538EF7C04345CC454979362F54447977152FC3C094125D0F2E5CC94D585F746930D2DCEAD9B7AED18E43
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........p..............Dc..h...Ne......U.......U.......U...........G...........Ud.......d...............ir.............]d.......d..............Dc......Dc......U........n......Dc......Dc..............Sd......Ud......g.......g.......g.........v.....g.......Rich............PE..d...T.'f.........."....'..v..za......V0........@.............................p...........`.........................................@...L.......D.....6..-....'.D...H...X).......S...4..T....................6..(....o..@.............v..%..X........................text.....v.......v................. ..`.rdata..B.p...v...p...v.............@..@.data... v@..`...t...<..............@....pdata..D.....'.....................@..@.didat........6.....................@..._RDATA........6.....................@..@.rsrc....-....6.....................@..@.reloc...S.......T..................@..B........................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerBugReport.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):5074848
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.54030787972484
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:98304:xOL+jxb7547PfJPowFhAcLQvdfYpx5D3O:xOijxP5yAcEvdAP3O
                                                                                                                                                                                                                                                                                              MD5:30F22B80E4FA1BEA515CE41175E94DE8
                                                                                                                                                                                                                                                                                              SHA1:9F63FB1CF285CD0B450DA752C2C4CEF44C1B18A8
                                                                                                                                                                                                                                                                                              SHA-256:A0FC2EF59874C00C0DCE3E9990718B569A7A77426B21857D77710095268F1294
                                                                                                                                                                                                                                                                                              SHA-512:22B639061F87F731369AA67ECEF6EE69DAF4FE0B3CB8F3CEB0C0A8640193D79F756FDE5704B421A19CE284EECB64B81325A18CB4F1C4A2E010240E0D7538A531
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$...........Z...Z...Z.........\.d.V...\...I.....S...\...-...\...H.....J...S...X.......Z...W.....r.....[.....~.....}...Z.......0.......0...[...0.f.[...Z...X...0...[...RichZ...........PE..d......e.........."....&..2..4.......n.........@.............................0N.....B?N...`.........................................0.A.......A.,.....L......0J..[..HFM.X)....M.hj..P.:.......................:.(.....:.@.............2..............................text....2.......2................. ..`.rdata...2....2..4....2.............@..@.data...P.....B..j....A.............@....pdata...[...0J..\...\I.............@..@_RDATA........L.......K.............@..@.rsrc.........L.. ....K.............@..@.reloc..hj....M..l....L.............@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerDU.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13442464
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.611624361039513
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:196608:BMaYyFvA0OpdAFHT3132nh/XXIfqfZUGu:BMaVlA0OpdAFz3132nh/Ifqi
                                                                                                                                                                                                                                                                                              MD5:180F4FF0625CDC440B271CCB2CF6EFAE
                                                                                                                                                                                                                                                                                              SHA1:8E500BF460CC6B41182526B8A682D010A47CC628
                                                                                                                                                                                                                                                                                              SHA-256:34B4D2339EE5FA56FDFA6AC197881369C14BCB8555C4F2253D0BF96DDB1C6659
                                                                                                                                                                                                                                                                                              SHA-512:A87975E8C316E9A0DD230964DF28020B545C0E63105F7A54E1FC530809F3F8DCF5D92E12D926E1116574B31F0B9B4FC2895EB6D472B321B9D387CDC5B58AEF71
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................X...........!..L.!This program cannot be run in DOS mode....$.......H...t...t...t.......t.......t....p..t.......t......|t.......t.......t......+t.......t......t..Z...2t.......t..Z...uw...t..<t......#t...t..v..f...:v..f....t..f.r..t...t...t..f....t..Rich.t..........................PE..d....;.f.........." ...&.d....:.....@8U.............................................f'....`A........................................p.......,...................8...H...X)... ...T..@O.......................Q..(....N..@............................................text....c.......d.................. ..`.rdata....'.......'..h..............@..@.data........P...r..................@....pdata..8...........................@..@_RDATA..............................@..@.rsrc...............................@..@.reloc...T... ...V..................@..B................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerPerformanceOptimizer.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):13387680
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.620508374717523
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:196608:JqXA5n/0ZJVfPu3g4Um8UT3kuXLDE9tFCju:J35n/0Ttog4/8UT3ku7DE9tcj
                                                                                                                                                                                                                                                                                              MD5:A66A9DBE38A467A25E7A213B007D567D
                                                                                                                                                                                                                                                                                              SHA1:ED7181EDA129ACA80EA47A038538C033168F8449
                                                                                                                                                                                                                                                                                              SHA-256:C5FE65C2A9CFEA6D43D9E8874F0140A3AA8C34C32CF4C4299C689EFBD0295230
                                                                                                                                                                                                                                                                                              SHA-512:7C1E79FFBEA6CC4E3F04DEF1A32402BD1ABDD4535FB9C5362662F0738EB3428367F6C7CA7A5DB1C02CE963C751259DDCBEE413509F9C40A5EACACA03E0FCF9AB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................`...........!..L.!This program cannot be run in DOS mode....$......................."........~d......~.......~.......~......"......."...............k......."......."...............3......................."...........j....~..+....~.......~f..............~......Rich............................PE..d....,.e.........." ...&......9......oV......................................`............`A...............................................................0...1..H...X)......DM..............................(.......@............0..(............................text............................... ..`.rdata....&..0....&.................@..@.data....-.......0.................@....pdata...1...0...2..................@..@_RDATA.......p.......H..............@..@.rsrc...............J..............@..@.reloc..DM.......N..................@..B........................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1085856
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.642147647204742
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24576:FMpWIjgBvLUjJnXlbhmTDh0lhSMXln1E4BC+:FwjgBTkJnVbhSylFC+
                                                                                                                                                                                                                                                                                              MD5:21F845A804361181A6D9C49C8055F4D7
                                                                                                                                                                                                                                                                                              SHA1:F656335B70C8B06797AA64EC323CEF6498355DF7
                                                                                                                                                                                                                                                                                              SHA-256:FB3B5E5859F79AAEF00EFED56C5C9A2277C73C9AF0AFD6BE47E580F9A0366662
                                                                                                                                                                                                                                                                                              SHA-512:E9D000D9BC2B830FFD711DE8BA96FA17497CBC6021D24D08ACF777B789738EE12336731423ADC5550EFA421092DC4BF07E1F025FD03C635248781992220DF71A
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........{.V...V...V.......S...............G...V...W....O..F....O..D....O..5...B...R.......Q...V........L..P....L.W...V..W....L..W...RichV...................PE..d...b.'f.........."....'............p..........@.....................................5....`.....................................................<............P..Lb..Hh..X).......... ...T.......................(....V..@............ ..0.......@....................text............................... ..`.rdata....... ......................@..@.data............>..................@....pdata..Lb...P...d..................@..@.didat..0............4..............@..._RDATA...............6..............@..@.rsrc............ ...8..............@..@.reloc...............X..............@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerReactivator.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2357152
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.525101239394115
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:49152:bFJMFJziejpH8o7+PgH1m4OjqaLvTzv+wyhcH0lISGF+U6:bFJo8Ikqgvk
                                                                                                                                                                                                                                                                                              MD5:7AD01AB138B4766A4B305C749CB55E0D
                                                                                                                                                                                                                                                                                              SHA1:2D414126EA43761F701FA43BCC064658FC669FD7
                                                                                                                                                                                                                                                                                              SHA-256:419F17D730FE5229C9D6FF0D7D27847F61350809959AB5B4E3A3508BD5B44F9E
                                                                                                                                                                                                                                                                                              SHA-512:CCD46EE191A7834544D3387E0F38F897DDEC8143C58055F6C44D1821837F64375355BF39EE8469BA57AB434AB38EC6E01750B7D41456841D39F6702C56E128BB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........`K3..%`..%`..%`'s&a..%`'s aV.%`'s!a..%`..`..%`.!a..%`. a..%`.&a..%`.y.`..%`..%`..%`.t a..%`6t!a..%`'s$a..%`..$`@.%`..,a;.%`..%a..%`...`..%`...`..%`..'a..%`Rich..%`........................PE..d....+.e.........." ...&............@.........................................$......q$...`A........................................ Z.......Z........#.......".h...H.#.X)...P$..@..............................(...p...@...............x............................text............................... ..`.rdata..............................@..@.data................\..............@....pdata..h.....".......!.............@..@_RDATA........#.......#.............@..@.rsrc.........#.......#.............@..@.reloc...@...P$..B....#.............@..B........................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\CCleanerReactivator.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):192928
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.8273704800621235
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:fCvX9hjRa7YzodSub8J0ta8cs0nBiZOuaS+41/oPyIRNorVNDCOSp3CvdHOcJn++:fCzjRaWoMub8iHP0BqQ686dSpwlrJiA
                                                                                                                                                                                                                                                                                              MD5:B788B8A1E12B028CCC1ADE0E42206156
                                                                                                                                                                                                                                                                                              SHA1:031A2C172E57E95186BAF99232D838B5CD1B9D8C
                                                                                                                                                                                                                                                                                              SHA-256:F7239A2B9ACF34839243B946D0520B409F8DD965B0AE8B6080D2F4178E480883
                                                                                                                                                                                                                                                                                              SHA-512:8DD5201A235A4377EB4A5CD5C48D1F4E62F1846C67E2525A941C4DB80D150B815E3C035B612BE30A39D1B297AA6627CC1DD6227E68D48863C6AB1F1AACCB3E37
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>.l.z...z...z.........z...{...r..j...r..u.....}.....v.....y...r..Q...z...'...q..{...q..{...z..{...q..{...Richz...........PE..d...\.'f.........."....'.......................@..........................................`.....................................................(.......X...........H...X)......X....y..p...............................@...............`...$...@....................text...P........................... ..`.rdata..............................@..@.data...............................@....pdata..............................@..@_RDATA..............................@..@.rsrc...X........ ..................@..@.reloc..X...........................@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\DUState.dat

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):528583
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.261728731597492
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:qPWOiVWWQNtWSN1zOmC/oTlYvb9WnTUQjVuTVX8VEL6hVZ7AcaWmPskbjmjrqPRz:b1pmhupGBkK9zV6k7x2qsbGGIi
                                                                                                                                                                                                                                                                                              MD5:3720EBF1ADCF751B35D68F3BB3637F01
                                                                                                                                                                                                                                                                                              SHA1:3BE2B9AD11D23773F84C9A9FCBE43DE01144B443
                                                                                                                                                                                                                                                                                              SHA-256:BC8746867BC6A4A4BF758663955553A11FED8A649384FDD836669949653B8DB7
                                                                                                                                                                                                                                                                                              SHA-512:F4ECE84C21817B6ABF2B65B68AC667221018E93D6DFB4D61F782D45A4BC2BE707F5419DBB44281742C81D04DE986AFDDAD8676E48CF35B55EE9DF289E55403B7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{..."Backups" : [],..."DeviceList" : ...[....{....."childrenIds" : [],....."class" : "System",....."classGuid" : "{4D36E97D-E325-11CE-BFC1-08002BE10318}",....."classIconName" : "System",....."compatibleIds" : .....[......"PCI\\VEN_8086&DEV_A338&REV_F0",......"PCI\\VEN_8086&DEV_A338",......"PCI\\VEN_8086&CC_060400",......"PCI\\VEN_8086&CC_0604",......"PCI\\VEN_8086",......"PCI\\CC_060400&DT_4",......"PCI\\CC_060400",......"PCI\\CC_0604&DT_4",......"PCI\\CC_0604".....],....."connected" : true,....."containerId" : "{00000000-0000-0000-FFFF-FFFFFFFFFFFF}",....."devType" : 34,....."deviceInst" : 11,....."driversList" : .....[......{......."backupDate" : 0,......."backupFileName" : "C:\\Program Files\\CCleaner\\Data\\BackupStorage\\INTEL__10.1.1.7.zip",......."crashCounter" : 0,......."cveIdentifiers" : [],......."description" : "INTEL-Intel(R)PCIExpressRootPort#1-A338",......."downloadJobGUID" : "",......."driverDate" : 13078886400,......."driverDateFormatted" : "2015-06-16 00:00:00",......

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\StateHistory\DUState 2024-05-26 12-45-08-542.dat

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):528583
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.261728731597492
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:qPWOiVWWQNtWSN1zOmC/oTlYvb9WnTUQjVuTVX8VEL6hVZ7AcaWmPskbjmjrqPRz:b1pmhupGBkK9zV6k7x2qsbGGIi
                                                                                                                                                                                                                                                                                              MD5:3720EBF1ADCF751B35D68F3BB3637F01
                                                                                                                                                                                                                                                                                              SHA1:3BE2B9AD11D23773F84C9A9FCBE43DE01144B443
                                                                                                                                                                                                                                                                                              SHA-256:BC8746867BC6A4A4BF758663955553A11FED8A649384FDD836669949653B8DB7
                                                                                                                                                                                                                                                                                              SHA-512:F4ECE84C21817B6ABF2B65B68AC667221018E93D6DFB4D61F782D45A4BC2BE707F5419DBB44281742C81D04DE986AFDDAD8676E48CF35B55EE9DF289E55403B7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{..."Backups" : [],..."DeviceList" : ...[....{....."childrenIds" : [],....."class" : "System",....."classGuid" : "{4D36E97D-E325-11CE-BFC1-08002BE10318}",....."classIconName" : "System",....."compatibleIds" : .....[......"PCI\\VEN_8086&DEV_A338&REV_F0",......"PCI\\VEN_8086&DEV_A338",......"PCI\\VEN_8086&CC_060400",......"PCI\\VEN_8086&CC_0604",......"PCI\\VEN_8086",......"PCI\\CC_060400&DT_4",......"PCI\\CC_060400",......"PCI\\CC_0604&DT_4",......"PCI\\CC_0604".....],....."connected" : true,....."containerId" : "{00000000-0000-0000-FFFF-FFFFFFFFFFFF}",....."devType" : 34,....."deviceInst" : 11,....."driversList" : .....[......{......."backupDate" : 0,......."backupFileName" : "C:\\Program Files\\CCleaner\\Data\\BackupStorage\\INTEL__10.1.1.7.zip",......."crashCounter" : 0,......."cveIdentifiers" : [],......."description" : "INTEL-Intel(R)PCIExpressRootPort#1-A338",......."downloadJobGUID" : "",......."driverDate" : 13078886400,......."driverDateFormatted" : "2015-06-16 00:00:00",......

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\StateHistory\InitialDUState V23_4.dat

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):528583
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.261728731597492
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:qPWOiVWWQNtWSN1zOmC/oTlYvb9WnTUQjVuTVX8VEL6hVZ7AcaWmPskbjmjrqPRz:b1pmhupGBkK9zV6k7x2qsbGGIi
                                                                                                                                                                                                                                                                                              MD5:3720EBF1ADCF751B35D68F3BB3637F01
                                                                                                                                                                                                                                                                                              SHA1:3BE2B9AD11D23773F84C9A9FCBE43DE01144B443
                                                                                                                                                                                                                                                                                              SHA-256:BC8746867BC6A4A4BF758663955553A11FED8A649384FDD836669949653B8DB7
                                                                                                                                                                                                                                                                                              SHA-512:F4ECE84C21817B6ABF2B65B68AC667221018E93D6DFB4D61F782D45A4BC2BE707F5419DBB44281742C81D04DE986AFDDAD8676E48CF35B55EE9DF289E55403B7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{..."Backups" : [],..."DeviceList" : ...[....{....."childrenIds" : [],....."class" : "System",....."classGuid" : "{4D36E97D-E325-11CE-BFC1-08002BE10318}",....."classIconName" : "System",....."compatibleIds" : .....[......"PCI\\VEN_8086&DEV_A338&REV_F0",......"PCI\\VEN_8086&DEV_A338",......"PCI\\VEN_8086&CC_060400",......"PCI\\VEN_8086&CC_0604",......"PCI\\VEN_8086",......"PCI\\CC_060400&DT_4",......"PCI\\CC_060400",......"PCI\\CC_0604&DT_4",......"PCI\\CC_0604".....],....."connected" : true,....."containerId" : "{00000000-0000-0000-FFFF-FFFFFFFFFFFF}",....."devType" : 34,....."deviceInst" : 11,....."driversList" : .....[......{......."backupDate" : 0,......."backupFileName" : "C:\\Program Files\\CCleaner\\Data\\BackupStorage\\INTEL__10.1.1.7.zip",......."crashCounter" : 0,......."cveIdentifiers" : [],......."description" : "INTEL-Intel(R)PCIExpressRootPort#1-A338",......."downloadJobGUID" : "",......."driverDate" : 13078886400,......."driverDateFormatted" : "2015-06-16 00:00:00",......

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):137
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4991355069897025
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:lgJJM0hGM1JJM0hA7D3E889pLcXgPv/6KG4jL3WwFvn:2JMuNJMuY3cIwPdJFvn
                                                                                                                                                                                                                                                                                              MD5:C025F857749F62C26496A3E5F4674944
                                                                                                                                                                                                                                                                                              SHA1:6C0C63B14354842CB7F3E675EF6823E057889E14
                                                                                                                                                                                                                                                                                              SHA-256:0DEAB2E8DB2C5F67D4A282DDAFD65CC862F6E94C479F28697870C239F9CB9689
                                                                                                                                                                                                                                                                                              SHA-512:10D96915A008B2C21DB0E2E75D4A6792C66A82EDF45D0CF927E4569D2103ABDC2B8228C8AA2068A309E504A0EB8D0E19290A98B6F1A7DF14D2A62009F3F336D0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..To Be Filled By O.E.M...To Be Filled By O.E.M..(Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz .....*.ASRockRack2.Intel 906ed8.@@.H.P.|X..`..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\a9bc366c-b65c-4916-986c-1b8f5527fd80

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):694
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.4350021503414325
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:CUZ4or7B3XczI9cG1jBGdeFOoTOwkiOASlkJPue5xUH+/Ex:CUZ4oRHcs9c+1meAoTcyJWeye/Ex
                                                                                                                                                                                                                                                                                              MD5:BA52D86AE545F71BDC70DF1B7BA01C09
                                                                                                                                                                                                                                                                                              SHA1:DB98304480EF523AB961200EDFCA1DA2BF9A7706
                                                                                                                                                                                                                                                                                              SHA-256:BDD5ED2EEE65E96BF634F70318917BDEE49A82166A0E9030135A69A7B6BEA205
                                                                                                                                                                                                                                                                                              SHA-512:5BE054800B97518F14804503429344FE8A9CA9C0321530D58A7391CCF5E99C3F061F79B837B363793A8790F263160933D9EC044F670DF9FFC3DDB17BBF6C3EED
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:burgerdata..................................z..O.......@p....G...2..=............f...... ....;K.=h./.W..$...5........K)..v............ ....C...\s.1H.U.RN.cf.......(....c.......<tO......?D.R...E....C>..J...Zvtw.t,.Ff+..+.3.X...k...]...2...g.(..d....8v(.k@s..p...D".....fU=...0.B........?.X].;@.(....-..>..doU.....Lu)..\;........h.r..t2....nK9.W.{...vap.%.Xm...{....S-.<RN..1....B...z......s.6.G............A]..O..Z.K.!..gS......[......EW..H.5.!B".....V.X..~..k.[.5.... .,..R..G,|..8..0cFK..{...+/Mn.R..b.qF.....I...?...T.$.1).!.Ca.9..a........y2.G.S...`b...P...o..%t.7`.RPsM.U.~)O.M/.j..U!.F!...{.!ALi@....\.;..WK.u...}*..I..*......J...u...b...&T..Z.,&]aD.v.D..WT..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\state_cache.json (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):10457
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.117691268545209
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:FyLSte/E92GwEijOVTyXdTt62nV8obBsQ:FyLSd8GwEiqVTyXdTt62nV8KsQ
                                                                                                                                                                                                                                                                                              MD5:621FC221389A53F0D335338E7D79C591
                                                                                                                                                                                                                                                                                              SHA1:56C967A7C2C2D68BB055EED6B6837660AC9C8A46
                                                                                                                                                                                                                                                                                              SHA-256:BC8C77B0A93D4ED00323EC582E75DBAD41091ACDBE5D7286F0316A7D4C1DB0A1
                                                                                                                                                                                                                                                                                              SHA-512:D44273F069E2E6AC9000CB90E787BA0B67F88C08224FA2C28A38BB57E68EFB4395CBABA7680913D76518E3BBDAA9E11AFB56CEFD8BF72C0FC8BE1CC2FEB7597D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{"lastScans":[["S-1-5-21-3425316567-2969588382-3778222414-1001",{"current":{"finishedTimestampMs":1716727484591,"progress":null,"result":{"name":"Success","value":0},"sessionID":"{310BF321-AE33-431C-9362-676A52F276B2}","startedTimestampMs":1716727471900},"successful":{"finishedTimestampMs":1716727484591,"progress":null,"result":{"name":"Success","value":0},"sessionID":"{310BF321-AE33-431C-9362-676A52F276B2}","startedTimestampMs":1716727471900}}]],"lastUpdatedTimestamp":1716727484591,"patches":{"items":[],"lastSuccessfulScanTimestamp":1716727484591},"perMachineProducts":{"items":[["tp2819",{"architecture":"32-bit","availableVersion":"24.002.20759","currentVersion":"21.007.20091","detectionTimestamp":1716727477810,"downloadDurationMs":0,"downloadSize":0,"icon":{"path":"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"},"id":"tp2819","ignored":false,"installerPath":"","isEndOfLife":false,"isUnsupported":false,"isUpToDate":false,"manualUpdateUrl":"","perUser":false,"

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\state_cache.json.{5D730CDA-315C-40BC-918E-17D18B6ED9E7}

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):10457
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.117691268545209
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:FyLSte/E92GwEijOVTyXdTt62nV8obBsQ:FyLSd8GwEiqVTyXdTt62nV8KsQ
                                                                                                                                                                                                                                                                                              MD5:621FC221389A53F0D335338E7D79C591
                                                                                                                                                                                                                                                                                              SHA1:56C967A7C2C2D68BB055EED6B6837660AC9C8A46
                                                                                                                                                                                                                                                                                              SHA-256:BC8C77B0A93D4ED00323EC582E75DBAD41091ACDBE5D7286F0316A7D4C1DB0A1
                                                                                                                                                                                                                                                                                              SHA-512:D44273F069E2E6AC9000CB90E787BA0B67F88C08224FA2C28A38BB57E68EFB4395CBABA7680913D76518E3BBDAA9E11AFB56CEFD8BF72C0FC8BE1CC2FEB7597D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{"lastScans":[["S-1-5-21-3425316567-2969588382-3778222414-1001",{"current":{"finishedTimestampMs":1716727484591,"progress":null,"result":{"name":"Success","value":0},"sessionID":"{310BF321-AE33-431C-9362-676A52F276B2}","startedTimestampMs":1716727471900},"successful":{"finishedTimestampMs":1716727484591,"progress":null,"result":{"name":"Success","value":0},"sessionID":"{310BF321-AE33-431C-9362-676A52F276B2}","startedTimestampMs":1716727471900}}]],"lastUpdatedTimestamp":1716727484591,"patches":{"items":[],"lastSuccessfulScanTimestamp":1716727484591},"perMachineProducts":{"items":[["tp2819",{"architecture":"32-bit","availableVersion":"24.002.20759","currentVersion":"21.007.20091","detectionTimestamp":1716727477810,"downloadDurationMs":0,"downloadSize":0,"icon":{"path":"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe"},"id":"tp2819","ignored":false,"installerPath":"","isEndOfLife":false,"isUnsupported":false,"isUpToDate":false,"manualUpdateUrl":"","perUser":false,"

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Data\usercfg.ini

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):111
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.879032757813204
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:tv+hrj+pEWttTi6KvqWXN7OCNGO4JgHLuZ:tmhX+t/irNFNnbSZ
                                                                                                                                                                                                                                                                                              MD5:D1DD2391E9CC3257BED5925F71B684A3
                                                                                                                                                                                                                                                                                              SHA1:4161F92463DD17360729540C0CD6D77C5504C9D5
                                                                                                                                                                                                                                                                                              SHA-256:F836DFFFEB2F50B11FAA0A1FEB7600AE26B662C700E5A7DC11297E818B083226
                                                                                                                                                                                                                                                                                              SHA-512:FC6A89581346583B06EED907F7A62C5C034A7C99D1F730E5FF4DABB4773B80B44328D9D9E912FF5F2C2572699EA47A3B69A6D476ED6F846F6B3F873E0324D24D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...[DriverUpdater]..LastRevert=0..LastScan=1716727502..LastUpdate=0....[GDPR]..thirdPartyAnalyticsEnabled=1..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\BugReport.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerBugReport.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):3442
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.042621948286861
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:kPKS008OX2jWMZBXHT1TXTLTSR4XiqdWPnanu7:kCS00862jWMZBXHT1TXTLTSR4Xi1PnaO
                                                                                                                                                                                                                                                                                              MD5:9D4321451045AD0B1AE46B11874093AA
                                                                                                                                                                                                                                                                                              SHA1:B8057C4B3E6B9F847241E89875A9BD69910BEA60
                                                                                                                                                                                                                                                                                              SHA-256:9ECC3F844AA83A3258333271B2C7C98F55AD1A2DB65E910C60C7F651DDD2CF7A
                                                                                                                                                                                                                                                                                              SHA-512:F7C8AF22285F3BD206AD102673D076D83A24EFEF48056CEE573D4852A33653CFA238BE056BC912199BFE09AB36BBA38207E487435E1012EBFBF9BBFF42E97975
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 315] BugReport started...[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 88] - valid package type found in [send]: 0..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 88] - valid package type found in [send]: 2..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 103] - setting [product] to 90..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 112] - setting [path] to C:\Program Files\CCleaner\LOG..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 121] - setting [programpath] to C:\Program Files\CCleaner..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 145] - setting [version] to 6.24.11060..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 149] - setting [guid] to 5c75d985-5a4f-4231-b996-70bdb906d557..[2024-05-26 12:44:18.995] [notice ] [bu

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\BugReport.status

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerBugReport.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):56
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.41599515489879
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Z8z5NvRUH9HUnTkiTVXqK:n9H9i5
                                                                                                                                                                                                                                                                                              MD5:5DA5AA8EE59C574DE45601C48D43A908
                                                                                                                                                                                                                                                                                              SHA1:5BF569AE636A0D125EC1A1A74BB7CF713246D746
                                                                                                                                                                                                                                                                                              SHA-256:67EF5B0B33E64D1B7A6463E77C9AF743FD0C95DA77CFDD482B1B50A61669B134
                                                                                                                                                                                                                                                                                              SHA-512:9730CEEB9684981DC1C6C618647FE02DF0E037D8766DC400C814A553B4BE64438CA8051B9EE587100CA777E54243E3E4B7C39AA8671C2954509458DEF34DB09E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2|LogFilesWithReport-90-6.24.11060|17167274602672286|2..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\DriverUpdEng.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1331
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.017542147732043
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:k8N4zoXgPNozoXgrNlN391grHANXQy1ggVH+JNXQ0n1gzlbRtNXFB1ganEbJRtNm:k8N4pPNoprNlNn+ANXTleJNXB1QRtNXZ
                                                                                                                                                                                                                                                                                              MD5:D9A6D79B109CB109D925A2974E50DFAB
                                                                                                                                                                                                                                                                                              SHA1:542DA544980A094775EC35DDD1734C9FDDB1630A
                                                                                                                                                                                                                                                                                              SHA-256:A4DCA541E9F4B65CC5FB039CEDEEDC8D31E5513B1A83348C152332AB4798D022
                                                                                                                                                                                                                                                                                              SHA-512:68A1721984E159B7456C880549BD6B6685DEA33B4FF13F70312EA44EA5A78BA8D576233FDEE7D7DED2D93DDFDB644BC4FD9488D3791B035DC863922B7F5240B3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:44:22.357] [info ] [DULib ] [ 5804: 2104] [107B0F: 222] [23.4.4927.0] [DeviceManager.cpp] [222] DriverUpdater::DeviceManager::Init: Initialize Update Engine..[2024-05-26 12:44:36.391] [info ] [DULib ] [ 5172: 2832] [107B0F: 222] [23.4.4927.0] [DeviceManager.cpp] [222] DriverUpdater::DeviceManager::Init: Initialize Update Engine..[2024-05-26 12:45:02.902] [info ] [DULib ] [ 5804:10224] [BC3B94:1501] [23.4.4927.0] [DriverUpdater.cpp] [1501] DriverUpdater::DriverUpdaterImpl::logTask: Creating new SCAN Task..[2024-05-26 12:45:02.918] [info ] [DULib ] [ 5804: 5088] [BC3B94:2286] [23.4.4927.0] [DriverUpdater.cpp] [2286] DriverUpdater::DriverUpdaterImpl::Scan: Starting Scan..[2024-05-26 12:45:07.167] [info ] [DULib ] [ 5804: 5088] [BC3B94:2321] [23.4.4927.0] [DriverUpdater.cpp] [2321] DriverUpdater::DriverUpdaterImpl::Scan: We found 34 Devices on your system...[2024-05-26 12:45:08.636] [info ] [DULib ] [ 5804: 5088] [BC3B94:2337] [23

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\DriverUpdEngTask.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:g:g
                                                                                                                                                                                                                                                                                              MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
                                                                                                                                                                                                                                                                                              SHA1:57218C316B6921E2CD61027A2387EDC31A2D9471
                                                                                                                                                                                                                                                                                              SHA-256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
                                                                                                                                                                                                                                                                                              SHA-512:37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\DriverUpdaterLib.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):7868
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.9604141280937055
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:kgc0HHFPeJaHLNCKZnjX7NeEZnjX7NeEFXCKbmymSmAfHmJmTm1mApmvU0CKw/jh:jTjXZLjXZzloSOrXa2rXamN
                                                                                                                                                                                                                                                                                              MD5:1C49F5D19634A5EF1D50D1D2DC941B67
                                                                                                                                                                                                                                                                                              SHA1:22AE58220E9B652BEF61A8B48DCCAC70D126285C
                                                                                                                                                                                                                                                                                              SHA-256:FD02169EBFE0D1268BB86E31797F33DB95C8DDF864897E4E4744231B22DD067A
                                                                                                                                                                                                                                                                                              SHA-512:978D6ED50870B6802A23750A55226AACF88CFA65D916542D33FCA4EF0F3D6B812ED649F1FEC26E4527AF9386903E56B10C3451FED6694870ACD543DAC7B92939
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:44:22.279] [info ] [settings ] [ 5804: 2104] [3B00E3: 405] paths.ini_store configuration is empty, settings ini store folder to asw::instup::GetDataDirectory...[2024-05-26 12:44:22.279] [info ] [ini_access ] [ 5804: 2104] [A309BA: 214] watch task for C:\Program Files\CCleaner\Setup started..[2024-05-26 12:44:22.279] [warning] [ini_access ] [ 5804: 2104] [D24874: 173] failed to read ini file C:\Program Files\CCleaner\usercfg.ini.. Exception: couldn't open file.. Code: 0x00000002 (2)..[2024-05-26 12:44:22.279] [info ] [ini_access ] [ 5804: 2104] [A309BA: 214] watch task for C:\Program Files\CCleaner started..[2024-05-26 12:44:22.279] [info ] [ini_access ] [ 5804: 2104] [A309BA: 132] watch task termination for C:\Program Files\CCleaner requested..[2024-05-26 12:44:22.279] [info ] [ini_access ] [ 5804: 2104]

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):137
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.4991355069897025
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:lgJJM0hGM1JJM0hA7D3E889pLcXgPv/6KG4jL3WwFvn:2JMuNJMuY3cIwPdJFvn
                                                                                                                                                                                                                                                                                              MD5:C025F857749F62C26496A3E5F4674944
                                                                                                                                                                                                                                                                                              SHA1:6C0C63B14354842CB7F3E675EF6823E057889E14
                                                                                                                                                                                                                                                                                              SHA-256:0DEAB2E8DB2C5F67D4A282DDAFD65CC862F6E94C479F28697870C239F9CB9689
                                                                                                                                                                                                                                                                                              SHA-512:10D96915A008B2C21DB0E2E75D4A6792C66A82EDF45D0CF927E4569D2103ABDC2B8228C8AA2068A309E504A0EB8D0E19290A98B6F1A7DF14D2A62009F3F336D0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..To Be Filled By O.E.M...To Be Filled By O.E.M..(Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz .....*.ASRockRack2.Intel 906ed8.@@.H.P.|X..`..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\d9420f54-15f3-493a-8ecd-482380edd479

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):630
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.366507649923885
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:CUZWITpuNCS7sWBDQAdY8ERcSbpcpODx5sVSiANh:CUZWrNCi7Kcmpcp2E0xNh
                                                                                                                                                                                                                                                                                              MD5:ECBCB47E92CDF400C29B2E52BC0333CD
                                                                                                                                                                                                                                                                                              SHA1:FEDC1F816AEFFB2869CF3BDAEA21CE3F0F5361B4
                                                                                                                                                                                                                                                                                              SHA-256:EF75649810E56C1FE8D06D481BCF09742057A9A32511B66FA4CE9C7471242723
                                                                                                                                                                                                                                                                                              SHA-512:4C4D9C338271B5073A830FC687A8BDF0854089C18C8A182B88E1B30E99EBA0A70B762FB9F3BCCAFA678FE959B2914120C137B600150EF6C6FE8D2180DE56B756
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:burgerdata..................................z..O.......@p....G...2..=............f...... ....K....iiT.X..`.x..^..d[..g...L............. ...e.......VE....!..GP.s....@...J............D.?.7..-b..V.....~....p).....D}...>.m..7E.....!..g#........!..g..A..`.9<..W.U.w....!..3R.T.......Y..(...K.....a...I6.y.....m..e({{...*).^y.[H.t.3.NiM?....cmH%....v.K.A.Q|...7...p#._\@C..~.?..t,R.4..0..1T_.W..J.Q.@}..+./5?vr.....sa.:q+.B.d;....UDCL...."..Q.......mj.yq&v.k\..8..o..?.....[.<.....^%J.P4Xm.r.v.....>.#../............in...V.r._*..l.}.k."}k.@....8........<..Q.U_....J..Y..N....F..=j......* .z...........y.

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\fe87aadb-4427-48bb-b4b1-2e2bcc521634

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3686
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.91955824179523
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:Cml0ldYEtlYPjnHkNhYmj+tUAHh8nuz+fwS7Cy8/t:zmlbw7Ouz+fFF8/t
                                                                                                                                                                                                                                                                                              MD5:DE2828BDA1E5F6C24110C8AD92AD4A0B
                                                                                                                                                                                                                                                                                              SHA1:D4474C663A5F02A49CA9201EED3465AC55F677EA
                                                                                                                                                                                                                                                                                              SHA-256:FB959972162AFD18702DEB333BF630BC5BD19D575EFD72449AF20CB9A2ABBA90
                                                                                                                                                                                                                                                                                              SHA-512:BD50376E66076F459F08841881D9C3A4A9E62750B78EB28606DF941BA2780B814086F67500CC1F3C15888B58C1DADD4E0B41200EA75BBF06EA2FF87F5B74EFB2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:burgerdata..................................z..O.......@p....G...2..=............f...... ........O.....K/z.6..........3.~`%............ ...V.y.w..h.^.xZi..ke/....lt>).^...p...W:A..QQQ.a..1..a.{].bY.[..+.n).}............I..U.v.?.>.....<...6..O~.a.E.....d~v...#.f.%..:.l.-....;KV.l4H...R.n.h...p.....-t.a-....X...H.=..."uWD.U..mTr...EI&..F./....|.c.N:..5.Vfl..F.~...)0..%..J.&H.vD..U.....Z.......0p!.@;.`[H...J...^..1....u$MD.yM....!./Q.V......[tl.oGQ.i$..Cr.Hk%.?_.MA.,#.jLvz.....H!.M..7T..6.gBi8&.~.;.....*Cw..8t.....F...%.`...j)..{...F...].9...2Lm.)..b...e7.3^.,h..\Of..':.(.. J...L)nm..65..3o.6.#O5A.K....>.....h...T..&.yN.-......R.?....'.......a.$R...0..R.F.M...JSZ.1x..*...."......^g..C.)...v-.+.9.N.R.\....m6.C<9......'.....u........S..P.:!3m..\.-"...:j.W.#0a...!0X.t..S...FPS..).o....R...u.I..8b..h#."...P....zO...,0.7_K{..na.n.A.L....m...fZ.B._vuu....D..{.a.N.`.....+.a.......r.>....r.vc0.jj..+X0.....o ....W...>u.....<._....(.i.IS.//z...wL.....3..p

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\event_manager.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):107
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.908093244817736
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:kJDM/psFuTgHQXL4wbcdcPWRs5YS4WLfMTEHM:kJ4yuTT74MscPWRsGqr8
                                                                                                                                                                                                                                                                                              MD5:5C4C4F3725B3A85B169CC35E7797E318
                                                                                                                                                                                                                                                                                              SHA1:0335BCE710F0CA0BE643D3FADC0014172CD51ADB
                                                                                                                                                                                                                                                                                              SHA-256:05AFA69F2563F34F0CB90C89E2F8384E6B2F19181C88C472BF7EB3D26612A0AB
                                                                                                                                                                                                                                                                                              SHA-512:7403C0AB1B80EDCD72E31B259D81D1A6EA4E286B6A9083C6CDAFD95D26DE45C75DBE389032CD55E900689CD4CFB56C333514EE6E37534FF32AF2ADB159C60627
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:45:02.873] [error ] [evnt_burger] [ 7968: 9896] [234984: 57] Exception: Invalid brand..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\pd.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (344), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):7831
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2520123689507665
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:ke3iKbpsbpoj8jXk/TSPHEAKLFUYMbpAhj8GXww55bbttK8E/DWH:rbGbiD/+19b0HJ
                                                                                                                                                                                                                                                                                              MD5:2EE2FD830EB6FA17B2C7E0DC59B4DB20
                                                                                                                                                                                                                                                                                              SHA1:ED2967ED7F6BAA5E0333114B6E9544E1F84FD16A
                                                                                                                                                                                                                                                                                              SHA-256:283500AF5BEB6D8E397CDDAD459AD75614F1F782348E7B76877C48D68CD4EB3D
                                                                                                                                                                                                                                                                                              SHA-512:C99CF6B49900F0CCC1BA3277C6D117EF23AC859EEE08FF4A85BA7A2BEFFFC1FB27AE6611B36E326097928F24C20F6AC3FDB0DC743CAFC89532836DD4BADDE1B4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:45:00.618] [info ] [pdsdk ] [ 7968: 1740] [486624: 86] Logger initialized..[2024-05-26 12:45:00.618] [info ] [pdsdk ] [ 7968: 1740] [486624: 106] CreateEnvironment finished successfully..[2024-05-26 12:45:00.618] [info ] [prgdeact ] [ 7968: 1792] [456182: 122] [24.1.44.0] [tuprogramdeactivatorcore.cpp] [122] tupp::ProgramDeactivatorCore::Init::<lambda_1>::operator (): Initializing ProgramDeactivator....[2024-05-26 12:45:00.634] [info ] [UsrAccounts] [ 7968: 1792] [3E716F: 543] [24.1.44.0] [UserAccounts.cpp] [543] asw::standalone_common::CUserAccounts::RefreshCurrentUser: Current user SID: S-1-5-21-3425316567-2969588382-3778222414-1001..[2024-05-26 12:45:00.650] [info ] [UsrAccounts] [ 7968: 1792] [3E716F: 543] [24.1.44.0] [UserAccounts.cpp] [543] asw::standalone_common::CUserAccounts::RefreshCurrentUser: Current user SID: S-1-5-21-3425316567-2969588382-3778222414-1001..[2024-05-26 12:45:00.650] [info ] [prgdeact ] [ 7968: 1792] [C690D8: 193]

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\su_adapter.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (10292), with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):28461
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.224957040813297
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:IousuY2DL9LAiP6D7yz3vmCS3rblnrdm/Ib2zb0qCVTDElf4FnViV7Et+/FNEnEB:HudLg3trdmQqfB+HEq9ViVgYNEni
                                                                                                                                                                                                                                                                                              MD5:EF38CC9B75CCB063DF9176ED32050E8A
                                                                                                                                                                                                                                                                                              SHA1:E6070EAF1182DD4BEAD9FDD4766B641B66867509
                                                                                                                                                                                                                                                                                              SHA-256:0E07EC7CFB1BADB6CB712BC1F277DD31CDF3422EBF49C3D9F68E4D1E68A0EA22
                                                                                                                                                                                                                                                                                              SHA-512:ADCF5269DD85371865DE0828D5FDFD5DE8E38E73F861DBB015F75B0A264EF8FEBF69268A68509792F450C4843485D62285D4C24AB66419E3C992ADB0D39C8193
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:44:31.886] [info ] [sw_updater ] [ 5804: 5056] [98DA86: 105] asw::su_adapter::detail::SUAdapterModule::Initialize:{"data":{"customLogDirectory":"C:\\Program Files\\CCleaner\\LOG","dataDirectory":"C:\\Program Files\\CCleaner\\Data\\su_data","disableBugReporting":false,"enableDebugLogging":false,"opswatCachePath":null,"opswatCdnUrl":"https://download.avira.com/download/opswat-sdk-database/","opswatInvalidateCacheAfterHours":0,"opswatMockupMode":false,"opswatUseCache":null,"opswatWebRequestTimeoutSeconds":30},"signature":"9A72A4B6-3419-4C56-81AD-866403B280F6","type":"struct asw::su_adapter::data::InitializationParams"}..[2024-05-26 12:44:31.886] [info ] [sw_updater ] [ 5804: 3400] [98DA86: 105] asw::su_adapter::detail::SUAdapterModule::StartScan:{"data":{"exclusions":["tp41","tp308","tp458","tp756","tp848","tp3029","tp3031","tp3087","tp3103","tp3149","tp3197","tp3326","tp3364","tp3596","tp3648","tp3660","tp3676","tp3701","tp3716"],"includePatches":false},"signature":

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\su_controller.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1246
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.112502135535495
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:kfnX7xh/fnX7xVfnX7+DiIqWQvPX72ZM8X7aTU8X7J0IjLX7bfh/IjLX7bfV:kfnn/fnrfnEqfPgM8x86yLx/yLl
                                                                                                                                                                                                                                                                                              MD5:D295FADEAFBB4964F845A3A919130239
                                                                                                                                                                                                                                                                                              SHA1:96EE95A902076F0F801189164B5E92506C937221
                                                                                                                                                                                                                                                                                              SHA-256:DD0637E45EDA29C7E10081864BCDE2B591E2DE5ADE6FD2484F8A1E3B6AF07FE4
                                                                                                                                                                                                                                                                                              SHA-512:F285DFC946716BA05576D06736174075272FC7793C3FFC376EB946681800E85962E795A50C9D56736CD44BDD6B599A20DC52D7A102EF4D6BBF0B87BAC459D4A1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.[2024-05-26 12:44:31.886] [info ] [sw_updater ] [ 5804: 5056] [98DA86: 96] asw::su_controller::detail::SUControllerModule::OnScanStateUpdated..[2024-05-26 12:44:31.886] [info ] [sw_updater ] [ 5804: 5056] [98DA86: 96] asw::su_controller::detail::SUControllerModule::OnDetectionsUpdated..[2024-05-26 12:44:31.886] [info ] [sw_updater ] [ 5804: 5056] [98DA86: 105] asw::su_controller::detail::SUControllerModule::StartScan:S-1-5-21-3425316567-2969588382-3778222414-1001,Nothing,Manual,,nullopt..[2024-05-26 12:44:45.605] [info ] [sw_updater ] [ 5804: 1360] [98DA86: 105] asw::su_controller::detail::SUControllerModule::GetDetections:S-1-5-21-3425316567-2969588382-3778222414-1001..[2024-05-26 12:44:45.680] [info ] [sw_updater ] [ 5804: 7396] [1C62F9: 49] Cleaning up data directory: C:\Program Files\CCleaner\Data\su_data..[2024-05-26 12:44:45.680] [info ] [sw_updater ] [ 5804: 7396] [1C62F9: 61] Data directory successfully cleaned..[2024-05-28 17:31:50.164] [info ] [sw_updater

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\LOG\su_telemetry.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Unicode text, UTF-8 text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.584962500721156
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:g:g
                                                                                                                                                                                                                                                                                              MD5:ECAA88F7FA0BF610A5A26CF545DCD3AA
                                                                                                                                                                                                                                                                                              SHA1:57218C316B6921E2CD61027A2387EDC31A2D9471
                                                                                                                                                                                                                                                                                              SHA-256:F1945CD6C19E56B3C1C78943EF5EC18116907A4CA1EFC40A57D48AB1DB7ADFC5
                                                                                                                                                                                                                                                                                              SHA-512:37C783B80B1D458B89E712C2DFE2777050EFF0AEFC9F6D8BEEDEE77807D9AEB2E27D14815CF4F0229B1D36C186BB5F2B5EF55E632B108CC41E9FB964C39B42A5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1025.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):251704
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.237318108280243
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:IO5jpwJ5WckrG4m4xyOfF38ForEjl34/s2O8sl10sO625VvxX0n+TOq3jK5zeDx7:9LcEs7UKdm
                                                                                                                                                                                                                                                                                              MD5:D02E2E5CE1D65F4EF0092E65C5480B18
                                                                                                                                                                                                                                                                                              SHA1:6B6DFBE7054960AEAE7B45877CEEB42E4A259E1B
                                                                                                                                                                                                                                                                                              SHA-256:68A72ED00112FADAA3672EB5A2D1F22F73DB411DF9E66A38B566696E72560990
                                                                                                                                                                                                                                                                                              SHA-512:FC7244B419B83749174C644525A34325ED1C5B53EB29D549ADCF3CE1FE6A2E3059D11CEFC1C7F178B96F42F0CF6B69EB4A6D14BDAAD67F18C3676BF59B4BF4ED
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h|...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1026.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):299832
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1243042143414845
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:NOhZiAYLSKbody3HxDeNvZtSffDd6vj0oD9h9U1UJph4bYs78x/:NO/PYLFody3HxyNRtmd6JTmUJph4p4
                                                                                                                                                                                                                                                                                              MD5:DFF064C2874697EE5BD16CFB177338FB
                                                                                                                                                                                                                                                                                              SHA1:DE5FEEB172EC4627530A117331D7C96465882310
                                                                                                                                                                                                                                                                                              SHA-256:339667352F607737D6F0C55F0CF262C42FA0AB3BD20BB8E9CF67402DB3AFC640
                                                                                                                                                                                                                                                                                              SHA-512:97D2A2EBA22E50689A98C55F951CE0E9E3AF0EAC57C92EA5C44A6FBF89B1781F56A24E92FFC02D70EB7C781CF13B15BF1CCBB3919A10BE80B5887CEE2A524EBE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....h............................................................@.......................................... ...d...........j..8)...........................................................................................rdata..............................@..@.rsrc....d... ...f..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.. 8...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1027.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):302392
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6385041738085238
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:NOBrr3phzbmsC0MUmq3nFvQ2iYHzNbUSlLwRPM36qWFnZY2WZDR2RKDspxzhw6RD:Ybbs0MUmqlNbUSlsqWEDcxzR
                                                                                                                                                                                                                                                                                              MD5:958570F583E0A76C8BFDA68A90F0EF64
                                                                                                                                                                                                                                                                                              SHA1:F145ED9DB93ECA42E7128AC05509C3B7C45A0B53
                                                                                                                                                                                                                                                                                              SHA-256:A0A7EBDB32FE591750D5F92BB362426014D773D7310CEA06D62BCF3B9B8AABA7
                                                                                                                                                                                                                                                                                              SHA-512:EA8181FF0A1B7C5050E7FC915100453EF637C7ADF4D3BF423A9C9DA13C9A403DABCA5469D1A9AEAFA0C8428F4690525F1C974325C3BF1123F2F7BA792CDCD88B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....r............................................................@.......................................... ...n...........t..8)...........................................................................................rdata..............................@..@.rsrc....n... ...p..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...B...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1028.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):118072
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.460592687959236
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:c9Ot/e/3Q4ysGJVTObdY4MY4JUjAs/0zEwjHhAEz7VxqW:c9OtWYHV4MY4JzlLHpziW
                                                                                                                                                                                                                                                                                              MD5:73035E682178F95C8D21A7A21B416A2A
                                                                                                                                                                                                                                                                                              SHA1:A274ABD56EB9E3CEF6CC8CEC0FD3F73FBDB27E45
                                                                                                                                                                                                                                                                                              SHA-256:48F5FE4738856368192A2A33D3975A9EDB51E2407E1B3E76EE8F6675E896DF22
                                                                                                                                                                                                                                                                                              SHA-512:01920A72941C04805CBAD7B63BA06FCC9436E0D72AB2124106BCA2BB0AD36666DA314417E7854C2CC2B42AFC27AD912F905D71AACDF805249DCD64448A9E2366
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................,C....@.......................................... ..X...............8)...........................................................................................rdata..............................@..@.rsrc...X.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...r...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1029.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):266040
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.971170034861619
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:POK/4V9ws1yxbxrTjEuq+mc4l0V13hcIYq80sJ0wonymZq1Mb2g6SuS:2KB13rYPS
                                                                                                                                                                                                                                                                                              MD5:17177872609AD07B13401C3C3D5FE361
                                                                                                                                                                                                                                                                                              SHA1:C73364BF6BCC544CD0EEB07ED5BFB4D11C5D28D4
                                                                                                                                                                                                                                                                                              SHA-256:13F1977D4E902D4C2E72DCD1312BFA48D48B82359ED285573E26A363D0DC4E06
                                                                                                                                                                                                                                                                                              SHA-512:62B7DB5977B6A2B5EAB6F51C793A5A07ADF569FDD9DE04CEDA58A5BEA1E7C8C2FD78B3B4BDB94F2E8B981A103BB75DE1E9BB08678EC4F67FBD260CDA4CC7F0EC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................J.....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..8....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1030.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):261944
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.692473779110462
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:MOIMUPjdHlysCPH02R/CCzuo8JqT1oS748mSZtlFgCIMgSnpMiGG1:ohlyhPmQpgLiGG
                                                                                                                                                                                                                                                                                              MD5:AF2A50F3A9A8F47E34A6C4702F34ACB5
                                                                                                                                                                                                                                                                                              SHA1:2138F248E542DA42E4BB468CF31D85FB7FEFF08E
                                                                                                                                                                                                                                                                                              SHA-256:10AE7E078ADBF8E16FBBB81A8E6AFC6B0648DA5E70B76EBF9BDFC917CE99A342
                                                                                                                                                                                                                                                                                              SHA-512:367AAA6E16E6DE4C5A78C0859D6A59BF2AE6F0671E474D53410274F63E5CFC975E8944840F7BECDAADC2CF5E715BC197FE7BEFA6B14A4DF47A55BB3A73F0BAA0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'..................................................................@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1031.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):296248
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6911674372044967
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:VO68JrKPgjvypvWTChegDQhK7JUfRtR+ga9hI7AlfbamVXuGdIEhpg8XVLZkwwl9:7aypmqEFzda9YhVaKP
                                                                                                                                                                                                                                                                                              MD5:898BE97EA529F14B37982907EE021289
                                                                                                                                                                                                                                                                                              SHA1:39D7F5AAA3851D655C0FF8FC12BBD202CE31A700
                                                                                                                                                                                                                                                                                              SHA-256:453E44FF80FF08521A387EF59FFAC9506B19126147D90E911BB2613F4070F026
                                                                                                                                                                                                                                                                                              SHA-512:E26B6F2C2AE54ACDC39CA3CA66FDD59FE8EE454985BD496A75701A3D5C16B7005C033037A93EEE071F5608228E8547917D2F6EBEFA19EE4DC9628BD334076B5B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....Z............................................................@.......................................... ..(W...........\..8)...........................................................................................rdata..............................@..@.rsrc...(W... ...X..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..X*...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1032.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):310072
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.295357101966761
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:UO66kCHTgkU7ZcvMQmOnMGopX6Y85dWORIqC4adqLDBBlKLSUG8ioi9rvxVJzAkm:5vMdy6TyI
                                                                                                                                                                                                                                                                                              MD5:63E7608900F23371C93FC00054D9BB09
                                                                                                                                                                                                                                                                                              SHA1:D97CF824D2EFF53976BDD2855026F5B94D8B4FDF
                                                                                                                                                                                                                                                                                              SHA-256:2D7BFC87EC65D989115A2F34A7825216B1C91287E54BBBF8B2E5E36AD1922D3E
                                                                                                                                                                                                                                                                                              SHA-512:32318653A3FA007E009C333B53CB21E1AB7AB75E83EE17FD2D80D1333AA3EC769892891EF1F09DAF765228E52352F4EC0CC3FD845100B616666C4F54F191931D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.............................................................@....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...`...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1034.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):295736
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.617872244805447
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:zOnoXaxVncqz574Dc+JqL/wDFyIsDFPXJeiWaC7kkhTrldUuUfHu6KFWhae9V/v+:AXxVcq9+JqLY4RDFPQivkhQHlhaCF7i
                                                                                                                                                                                                                                                                                              MD5:957C566C1E255EF37302057F0B5F6662
                                                                                                                                                                                                                                                                                              SHA1:B182A0477CED5CDF99BCBC9DCD4DA993E6C3B526
                                                                                                                                                                                                                                                                                              SHA-256:569073E06A939818140F05DC056AD50ECC16CF15AFF530F21E1A6FBCD021B6FF
                                                                                                                                                                                                                                                                                              SHA-512:49E460C2CE73F6544CF71AE49D349890D9E6ECF2FF319812606041320EED14C94590605FFF9810154248FC4569477DA84DB21F0B0BD37E86387A450E06315323
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....X.......................................................1....@.......................................... ...T...........Z..8)...........................................................................................rdata..............................@..@.rsrc....T... ...V..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...(...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1035.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):274232
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6408955872487243
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:nOCH0AYKzLFQXBRLAEmW6WiM8LHxaMNv0HhZ/m2lki2/eqLyJ801IEaI88RTr+vl:RLFS8zx/exWVhziBZpKY/sDYBn+l
                                                                                                                                                                                                                                                                                              MD5:483AE5C7CE3BB16A14385CAC8A115B1E
                                                                                                                                                                                                                                                                                              SHA1:988341024B401471C0E2A9AA48F4D20E99DF7D49
                                                                                                                                                                                                                                                                                              SHA-256:7C3BF7C5995D574BFB8E23BFFDF1BAB8E5A6CE0796E9B2F83F9CF074F59543DD
                                                                                                                                                                                                                                                                                              SHA-512:E84143B52F31E6BF49465A05BC23D142D7F2E55126CB7FE2D9090ECF78C5D4B4646F318B89B476F2BCFF129D6E12AAB0D13633108FC49A103361CB5735EDD382
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................0............@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1036.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):307512
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6392919359316234
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:eO6c0/XQG0lY0HlRtz9lOM55IemhC7R57+n5lgsPJ+OTanfRcrWy6gvOgsxiwCh:XIU9vLmmQr+Ovt
                                                                                                                                                                                                                                                                                              MD5:8826E3B25F297E87B96F2C9B59A270FC
                                                                                                                                                                                                                                                                                              SHA1:25DD4CA3A9776DE7A9798918DE0FC9D296B4788F
                                                                                                                                                                                                                                                                                              SHA-256:59159682886ED23F504AFA1C9296D8137D58C1D11E3B54F06C75B0D5244699BD
                                                                                                                                                                                                                                                                                              SHA-512:A089B92671696FEE86A54C180C709FFD1A7C44B78E0E594D6385C26BD8FE1D345E7A5D602586CBDDEF4BD6F575F05E5BDB37AF50E1AD3B7BC9A66B5549376CAE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................U&....@.......................................... ..@...............8)...........................................................................................rdata..............................@..@.rsrc...@.... ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..pV...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1037.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):84792
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.75496268997428
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:MIbG/Ev7fV/QDGLu7rXc+yF3hN2qx8xw7tLxpe:rBQDGLu7rqF3hNL8xw5De
                                                                                                                                                                                                                                                                                              MD5:1AC786CF503957E126237D9AD898FEB5
                                                                                                                                                                                                                                                                                              SHA1:D17BFAC4514EAB106DB350B8B7CABD511327530A
                                                                                                                                                                                                                                                                                              SHA-256:246790A5E723B3E112B388247EE70268CEBBFE5D83149DBCF2ED1899943BF6CA
                                                                                                                                                                                                                                                                                              SHA-512:01894A3EFD6E89F90DAD3F5854D861A2F0E4F2057E7A8815D3590C95FD3EEE92902C693BCB0F51F7379647B891FBDE93603353820F212A1608B707D39747A758
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..... ...............................................@............@.......................................... ..............."..8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..p....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1038.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):293176
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8208117039024057
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:aOydyAkxjlc69HieVvyQfEJfAXaHaf8p2FjQzrDJK8+jewl8w0i85EK/FMJgME2p:i3zpWuExqWKa94mwG
                                                                                                                                                                                                                                                                                              MD5:D78EAB904C85F1D3205B27F3D4243B93
                                                                                                                                                                                                                                                                                              SHA1:55672866B1AD2713B3F52AAEF7F4150BABAB0E78
                                                                                                                                                                                                                                                                                              SHA-256:6A48DB37DBB23306FDDC5A2A00259DFC6730F706DE94993141D8826F8A6DE9C5
                                                                                                                                                                                                                                                                                              SHA-512:45B5AA5D502EBAE67D59925744B363A3190F72F515F9E27E72B4A2F9F2E4DAFC98236B356E057B3060EA390B34F2C89DEAD8F65FF950C55640428CE6CFF1C71B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....N...............................................p............@.......................................... ..`J...........P..8)...........................................................................................rdata..............................@..@.rsrc...`J... ...L..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1040.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):290104
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.607274730372722
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:JGOr2dkv5rbJEzkk7VbQgxdUSyce8ovN11uBIAN22H/G2J/WF3jn+lZ5a06IMjpB:J8zabOQ
                                                                                                                                                                                                                                                                                              MD5:7B10026E6AFF658CB689D9E6262EF2B3
                                                                                                                                                                                                                                                                                              SHA1:BF8425A45D4BF8F0F35B5AB0A71FF788B91B2388
                                                                                                                                                                                                                                                                                              SHA-256:1295347C1D65A87DC38C9BC92B7558224B8659BCCC97F780C3D241DCD32BF40E
                                                                                                                                                                                                                                                                                              SHA-512:838FFB23215890263125EFA046D19843DACDB96EEA380F831C13411D6FC287EC1D799B8D516504302A0719A9C369FB6603A49FDCB171A12DE2CB297688462365
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....B...............................................`...........@.......................................... ..H>...........D..8)...........................................................................................rdata..............................@..@.rsrc...H>... ...@..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..x....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1041.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):158008
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.589022762598643
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:IO2Z08GAYGz/CJyeD/WQPPYg7QdEk9kyASAqXSrf8okOqq0Q4WFIUFJG0dvgzvNf:80ukIBh6b8okLy8h
                                                                                                                                                                                                                                                                                              MD5:56810F4132854032783C67E973936D77
                                                                                                                                                                                                                                                                                              SHA1:87D674823AA7A640A61645CC6B6F50FA634830A5
                                                                                                                                                                                                                                                                                              SHA-256:A7FD92CE7A9C4D1DAB0A47537C3D76614060413D58237611AEE779728202EB83
                                                                                                                                                                                                                                                                                              SHA-512:9EE953FE73D336844A1ED74EB64BC85D0D03B29E121D6A45E8BA3815B9EE7BF8E7B266678D0F0DDDE6288401ECCCDB9A5D6AC229E163AE6D1E1D18A23EC81077
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....>...............................................`.......w....@.......................................... ...;...........@..8)...........................................................................................rdata..............................@..@.rsrc....;... ...<..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1042.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):152888
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.845659391108274
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:pOPCGIFT8jQ3PP6Y0rY9hd//ba4nAgUxHf9exBOFbI8rvID:3LT8ePPSY9fa4nAgfjaoD
                                                                                                                                                                                                                                                                                              MD5:318B9708C18ED2EAA44ADFE162507E33
                                                                                                                                                                                                                                                                                              SHA1:541FE2E5C19B77E74B197BE87047AB821BFB72A3
                                                                                                                                                                                                                                                                                              SHA-256:29BE3B3527CE13A4C5D00ECE71A02E71CE31C3489A5777C8193A31C71CB1F8CF
                                                                                                                                                                                                                                                                                              SHA-512:90C5F60A73FBB95634387A9937B4CCE1B720B646FF0FFA15DDAD67D47A4FBD838369EEE30D0150B21725FCE30DA758112C32230C3B26EBEBFB6E2B3084ACB4F7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....*...............................................P............@.......................................... ...'...........,..8)...........................................................................................rdata..............................@..@.rsrc....'... ...(..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1043.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):291640
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6308756241554834
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:hOyd04Ka0cGVl71eOTnhSx+0hdPLWa/zwiJ07kVliI8JE5E6pjCA6YxKxYMe7NnC:ham9ha
                                                                                                                                                                                                                                                                                              MD5:0574ED4ADEC3E130E51B08F3A4FF8DFC
                                                                                                                                                                                                                                                                                              SHA1:1178ABEA55347F0290ABFC4B9913175A4146B945
                                                                                                                                                                                                                                                                                              SHA-256:1B472DB7A78CFC8AF4DBDD9F90063BF1B2183B001166F02B27108C3D59D1CEA5
                                                                                                                                                                                                                                                                                              SHA-512:7430E240DAB0F7F2777E1C3173EFDD26200BD8DC950F0D271499910686E2C970DBA1814B4141953A6D0378FB5B424194B2E48028797CD5C9D11F7DC79CD582D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....H...............................................p......l.....@.......................................... ...E...........J..8)...........................................................................................rdata..............................@..@.rsrc....E... ...F..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1044.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):263480
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6780613031156406
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:POcMYtueTfZOaRLl/TPzBPgfJ9yBIwSk5/apG24OveEfBGtqe4BLK/v2PS1grYex:jrYYeKrRrS3
                                                                                                                                                                                                                                                                                              MD5:1B51759DF5E09AB7972663E1C1A55BD1
                                                                                                                                                                                                                                                                                              SHA1:FB2FF28887E61E09CC4776D9F4965740B5EF066C
                                                                                                                                                                                                                                                                                              SHA-256:E64F69748D1B12191AF9296A98BA025AB6AF19B8F895C0689FDB1680AA912774
                                                                                                                                                                                                                                                                                              SHA-512:26E423FD3B5B3CDC835E39EAD230DB157F9A7F193231F5A479E531251756E4A0047451EFF7BB896520F52CE36D209F16FA7DBC68BC3B14FE93DF5EA42027B322
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..`...............8)...........................................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1045.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):297272
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8779146741516244
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:iOR1STMoXPCfy048tf42aJfuold7GQs6nzWQ:5UTe9x43J7nqQ
                                                                                                                                                                                                                                                                                              MD5:0AC74046010578C28FEEE2B20C923D0D
                                                                                                                                                                                                                                                                                              SHA1:4C386C387E2564CF9E7FE3648E139B09E25B3C90
                                                                                                                                                                                                                                                                                              SHA-256:B53355060D7C13222F42936F255AFDA31BB33815F9F6E10AE1EB503C7EB4406E
                                                                                                                                                                                                                                                                                              SHA-512:BDBA823BEBAF154CE8B31E62FF8F8B91891DD505B6FF2CFC86AA8B24541CFE30653758E790E08573B4CABC12DB97D85BE464074F468CA06BAA1558EBAEC26EA0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....^...........................................................@.......................................... ...Z...........`..8)...........................................................................................rdata..............................@..@.rsrc....Z... ...\..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...-...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1046.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287032
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6585975784930858
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:UO/sBXArE/M0CnEJumUv8ggFBLfk2hxvosC4bXm3hoO/miM0vLnY5yGkUSUIx6/x:nY/r0vLnYIicw
                                                                                                                                                                                                                                                                                              MD5:AA0ADF788E76739015028B5193464285
                                                                                                                                                                                                                                                                                              SHA1:6A6DAF90FAF8AFACC2C307B9618BDE315876EBC0
                                                                                                                                                                                                                                                                                              SHA-256:07A46BECD76FB66A0564380E7BBC11F8EF42B1D6ABD46BAC1CCD60659D53B7EE
                                                                                                                                                                                                                                                                                              SHA-512:BBD21B5F64206AC015CE4F1CEC52AFC020E69C73C222D272EFF673697869B732FE641DFB53E65C95FD5EF99DEC431D6CF6C01BFC7EB8310201C95AD47BD28C49
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....6...............................................`............@.......................................... ...2...........8..8)...........................................................................................rdata..............................@..@.rsrc....2... ...4..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1048.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):307512
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.769077817866265
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:ABL70sRPwl8RsSNskqf0xZWH5cW4ONAm8DjbVdBsNZCI:WRPwHm9sX
                                                                                                                                                                                                                                                                                              MD5:7A4A9B7075B684C9F6DC8C29141AA41F
                                                                                                                                                                                                                                                                                              SHA1:FE500D4624AC7CA48ED0E5E6F69CDBAA7F22F66E
                                                                                                                                                                                                                                                                                              SHA-256:C8ABC732C1ED5F2E52339CA857CDBCAD2F0DD4BF364D18E1E17F640DBBEFA772
                                                                                                                                                                                                                                                                                              SHA-512:98476AA3A612CEFCF5092B19A2ADB035F223075B7A0CB601FD619DC40CF5682D87D2A48022172404D8036F011787A29E2AB566EB6D0C860C7D56C76EA3501DD3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................^.....@.......................................... .................8)...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...W...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1049.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):275256
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.253730766195552
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:qOALJb3Gt57KUkqLBbZSBTjZGjjFa0I79ZxA:qOAB3Gn7KUkq5ZITdGnFa0Iho
                                                                                                                                                                                                                                                                                              MD5:16BA7EB4B8D1932B2465F8E323E368A0
                                                                                                                                                                                                                                                                                              SHA1:0DBD1E285945251DC617E13EA935A40963E6463F
                                                                                                                                                                                                                                                                                              SHA-256:364922F9570F4926303FD79B93F094B99E5F80AC8C7DA865639F11CBA0843197
                                                                                                                                                                                                                                                                                              SHA-512:6029D0FF0D9AA12545B63B9CE86EBF3912EEAF28872A72436BDDD84CA668E71FA7F8C4EC5C8FC6DFE1D25E01A4D045D517CB8753D0FF7B72FE826024D079EEE4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0.......F....@.......................................... ..x...............8)...........................................................................................rdata..............................@..@.rsrc...x.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1050.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287032
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.750468226940186
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:JOuPwUkEjuTAg8LmwkuvBi/NfKlDPhzCK11AFM/jg3XK5wda:nwUb6gmqCJc
                                                                                                                                                                                                                                                                                              MD5:FD4DEF03B01D0F157C354E78BC718F5B
                                                                                                                                                                                                                                                                                              SHA1:E85D762B8A722A7CF1510347971561BED3DA3D61
                                                                                                                                                                                                                                                                                              SHA-256:D1E7DE0DBC4E009E49FC223A015A5BCC8B3E2B01904D42B7127DD833A755C280
                                                                                                                                                                                                                                                                                              SHA-512:2CC0860C4DF8539784814695BC79BDE5AC284D330D60137B9B5C6921D2C1481729B3D089BD7AF1B5F4610928295FBFE395BA77A5F4CBC82DB66A4913CA584494
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....6...............................................`............@.......................................... ...3...........8..8)...........................................................................................rdata..............................@..@.rsrc....3... ...4..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1051.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):272184
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.9289493184324353
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:lO+kGr1zSE4O4XFtr2LWX0sop3ABenp521oRU6rDv9DETWfxtLswf82trxqt2h7s:5UfZ6GDT
                                                                                                                                                                                                                                                                                              MD5:FF840F99275D56B600F2AE0DA9CC6925
                                                                                                                                                                                                                                                                                              SHA1:DA528FCBB619541DB6C79D0FA800C0C0745F1CAD
                                                                                                                                                                                                                                                                                              SHA-256:4B0D9E6B05B4D3A24F022ECF8507B071A1221A6B811287649EB6AB08ADBE89EF
                                                                                                                                                                                                                                                                                              SHA-512:3BC42BDC9295E2A6593A88D9763CB98FD6203E93566AD207E91CCFF6F7D1F6E8796BC8A306FBB0EB67E49B1144D52552660BA7516548A0C7F5F1496D25443D3F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... .......|....@.......................................... ..0...............8)...........................................................................................rdata..............................@..@.rsrc...0.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..`....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1052.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99128
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.168953199425348
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:768:wvnphI3J0F33dUUFwSdCG8CTzExQmGeapZZ+SQDegeO2NcRxvXWx3Fzkb/5dqbQe:2n6qRuv+PTg0Pg9evRKrmFqYbXW7JxGf
                                                                                                                                                                                                                                                                                              MD5:29C81D6345ED3E3C2CFE71BFF7048117
                                                                                                                                                                                                                                                                                              SHA1:65C18C3B4BF014B0C489E0A20E3CBEE09BF5D008
                                                                                                                                                                                                                                                                                              SHA-256:26AD2CA7D361ECA1C856A2526B70A5A057484CDC9E68850EF499A4585197A883
                                                                                                                                                                                                                                                                                              SHA-512:0892C256C05EC55EA70361B1AA6A39DA4124ACFC9F31D87FD711FEC3C159D92AEB8C16F534EDBF67A73A3BEEB28F5312E1FCE7822C395573397FDA5BF36F4486
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....X.......................................................J....@.......................................... ..hT...........Z..8)...........................................................................................rdata..............................@..@.rsrc...hT... ...V..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...;...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1053.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):268600
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6990050058262463
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:jO3xN/puqpv0GWYIuzj9CU1w48dFPn2iaNpQ2S/nsuZs9+UTBl/EEEqJ5OS0qZp/:8MgvrfViDMLZA3Qe0iM
                                                                                                                                                                                                                                                                                              MD5:9D90FD74ACB92602E65431AF365CB0E3
                                                                                                                                                                                                                                                                                              SHA1:7627905E9F650E832A4DF1618092F3BF01D977DD
                                                                                                                                                                                                                                                                                              SHA-256:512A13BA0E6AC789353E40B2D9C2A957E58EDF600822EE3A3F107122DCE80041
                                                                                                                                                                                                                                                                                              SHA-512:46880CA5FE291D40CBF3BD11BBD62E5E8AD894EFB97319B39169CED6A7A234D25CDC6F46F13838A947028BE3BB789D41A9D74D116307E04A85B93CC9EAFED382
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................`3....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1054.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):256824
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.406814094362952
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:5OnGZVlkS/+Mgkz7D+iBVMSHHCjq9n3weW5x78OCM4b0R3mFnqxuuwROBl:bbUXl
                                                                                                                                                                                                                                                                                              MD5:9F9D9F6E116A7FBCF16B4FA45D65510E
                                                                                                                                                                                                                                                                                              SHA1:08FCD922DD751BBFA35BED0C9754AE2F0A4D516E
                                                                                                                                                                                                                                                                                              SHA-256:A7F32D8B4BB17960640CB2D5B43B3AAFE80FB85B80773F8F86C3FEE119728B0D
                                                                                                                                                                                                                                                                                              SHA-512:E540F270F73E1AD867A332F031AC3A0422F2F90DADF0F7E377D70475011888CF896DC60B28C4F248CECC5A8E10F695A099AA8908595B7E460FD9DBF8861E576E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................!.....@.......................................... ..`...............8)...........................................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1055.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):288056
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8720118303997513
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:aOY2tbSoZXtwbSayJfzLK36reuSPx7aoLRG1UdB1uMmcxj2JuyI4kOienS6moo6I:KyoxJ4rlN6ryL4cfG4coOYU411QnaGUw
                                                                                                                                                                                                                                                                                              MD5:8D41364345901D9E25A5810FE5ADB0E6
                                                                                                                                                                                                                                                                                              SHA1:47B6033B743262E4ACFFAF7ABEC8B506EDFED3BE
                                                                                                                                                                                                                                                                                              SHA-256:EFA869F91EC75EBD104C6DB9BD5B52E7166A44D3688FBE7C667B87258C1C2954
                                                                                                                                                                                                                                                                                              SHA-512:654968517FE9D34266568AB20C759EBD5E6D022651556570FCE9CE88F1F80670E1AAC62C19C8D1EDB5EC50DC2F8E6699B856B81DA4A863024B71A863274D6AA8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....:...............................................`............@.......................................... ..P7...........<..8)...........................................................................................rdata..............................@..@.rsrc...P7... ...8..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1056.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):275256
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.177736618458548
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:gOu/XXhZhf4PSkj5RKgkLth+GvoSP7Ix4:gOu/XX5aRj5Rw7F
                                                                                                                                                                                                                                                                                              MD5:E45FBCCDDF0286287A93EC9FF64FFA45
                                                                                                                                                                                                                                                                                              SHA1:D4FDCC7E6476408D6F89CBAD2D3CD0CC6527910C
                                                                                                                                                                                                                                                                                              SHA-256:AA85EB5999B678D7660167BEC6C1B0EECDA15C4D7191E134D19FF33DB68961A3
                                                                                                                                                                                                                                                                                              SHA-512:A274907FADD50CA1217F17FBCA6D4300CA2E94E1D3BEF38C82FC945DBFB573B620071F0869BDE29A649EE075BE3D4424AD501FC47E319CC897B0474A03FA05CF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................0.......,....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1057.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):277304
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6399112082460663
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:gOkP1sbqLRRB3LPllkJq5WycwPALrbC/hDiypbDsalR97gAWI1H/G:2B3blelr+/h+i5Z1Hu
                                                                                                                                                                                                                                                                                              MD5:D7BDEC4A0AB4461AD45F8497F8F74E8F
                                                                                                                                                                                                                                                                                              SHA1:8F9C1544376CB78B12734ECE5B8BE426DD383684
                                                                                                                                                                                                                                                                                              SHA-256:FB389A1C0CE4C8DCDD8A08C6CCF8940D007036CB6ECCE50456D5AF7B7212C20A
                                                                                                                                                                                                                                                                                              SHA-512:0A613173895867A6B0957EB39B4E1F35EA4C74EE2634EDAC8782437F03089001180DE7827A3116B2A9C50D56764323B3140A7EEE7F238DC77668D7F62DDEF1C5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0............@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1058.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):279864
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.276377900797251
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:KOFc+4whopP24xej01KKA6NIhMEDdQPlYB73mw7yR1x4p:KOB4wm24xwphTDdq0zmweKp
                                                                                                                                                                                                                                                                                              MD5:8AECA83CCD58EF4B4C8A0B1FFA616811
                                                                                                                                                                                                                                                                                              SHA1:380D0D396805E47211214994B72ED5B8C7144EEC
                                                                                                                                                                                                                                                                                              SHA-256:83A2B826EF13D87DFD3FD63CA1FD79D86790134ABA71DC912E3E8AABB75A0B64
                                                                                                                                                                                                                                                                                              SHA-512:6EFB5DB87589FA3ABF6B13FF8585BF736B8403461A0A164EB92C7421163D0D908FF0952CEF618713A1BF86EB77DAE107E55466671709255BA5A948F1A35B2D89
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................@.......q....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1059.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):273208
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.280679055941737
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:COSObzzGdrZbDYz7cSXIjN+EGtmodsP7hxR:COHEVDYXXsatKPd
                                                                                                                                                                                                                                                                                              MD5:569A065B49014DC0FCAFB09BD33B25AB
                                                                                                                                                                                                                                                                                              SHA1:795766A43F40D653CB1B2F7DF375DDC9F0D48E20
                                                                                                                                                                                                                                                                                              SHA-256:450FBD00B0304D2262E3A26941BC2AC3096674C1070ADFA4B2ADD53249C063BE
                                                                                                                                                                                                                                                                                              SHA-512:C32E7C68FF88BB677CD15BFEE580852AAAAE5740BE526C80E0F38FB6038B5D15629CAF46D7A05A3B24F0758AD74502939672B468150CBCB4CC7845210BBC6D80
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... ......5.....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..8....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1060.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):291128
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7329365199723576
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:sOXA6yNUB+Db7tT0yRVLX90eNfVyYoD1sFZVpmg4V+JkEKvperPV/4JmZIdiZbCp:YVUF
                                                                                                                                                                                                                                                                                              MD5:CCD851B53F3B9898B841F734030D4480
                                                                                                                                                                                                                                                                                              SHA1:60ECDA7FE1F8324933413EEAA1B6D077932068CE
                                                                                                                                                                                                                                                                                              SHA-256:CF77B3D80BE23FE2B564C66B19E6172A043E7131892FDA5F5DA2823C2EB6ECDD
                                                                                                                                                                                                                                                                                              SHA-512:CC3ADDB91114E1876C778DF250B3C1BB031A58C6B60CBD925B309241F3AAD3DBB6705D1C6AECBE450824BEC60B38B966AF62433BF21BC2908DDB77D3572D887F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....F...............................................p.......6....@.......................................... ...C...........H..8)...........................................................................................rdata..............................@..@.rsrc....C... ...D..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1061.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):263992
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.680105849089776
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6144:1S6PYBjrXQw4Kfm0lh7+BKJlmO447p+AKe90:XLh
                                                                                                                                                                                                                                                                                              MD5:2C89A6818189D91A9FCB80C25C52BBE0
                                                                                                                                                                                                                                                                                              SHA1:1915BC7A0EF750319539B618D14BEE4D721A395A
                                                                                                                                                                                                                                                                                              SHA-256:88023F360AFE354ADFB9317772F734BD7E234E164A909F7CE79E2DD9B765E54D
                                                                                                                                                                                                                                                                                              SHA-512:129FAF05B7F4B7D412BF1A71D5589129BFA2612782C9FAD645AD7E0ED6DC1382D6387738D2DD6AEC382EDA8BFCB9170715865B91CD280C9F169DF58FB887E7CE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................8.....@.......................................... ..p...............8)...........................................................................................rdata..............................@..@.rsrc...p.... ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1062.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):272184
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.880752464058992
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:YOs37sqaua3xqfkz3xOe2cWIrCy1ddAG98kPHeoagIxJDhF+/ya:EQqjtlIrF1ddAG9zPHeoagIxJDhF+/J
                                                                                                                                                                                                                                                                                              MD5:1B5AF327D82FF4AA7B653C83B461853E
                                                                                                                                                                                                                                                                                              SHA1:AFED39FF7CB7821BF8B9C9E4B84134F33F35920D
                                                                                                                                                                                                                                                                                              SHA-256:8B7719BD36F7E9D430CBE57520FB70240BFDF1A7B13EE881FF4F3B868D01ECFF
                                                                                                                                                                                                                                                                                              SHA-512:797A67182ADE2D1C43E2B5FB53AE0F51C97672D0EEB818EF2B9FD6B28BDE1E3FACA15F85D0EB9D249935F4B7F11B8D11DCE6CC4CD86D89D5D06A22C54BFDC9EE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... .......4....@.......................................... ..P...............8)...........................................................................................rdata..............................@..@.rsrc...P.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1063.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):279352
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.83888776583839
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:eO2HoFxILT3wHKd4OZphEXSKyb74AwlCTWgVEhm5f6UsAJ2QE09GZytVEaLpgln0:yItwdyy
                                                                                                                                                                                                                                                                                              MD5:E97A28CDDA400A5D7F66A8153EE4FAE1
                                                                                                                                                                                                                                                                                              SHA1:FD7A78A7D14BF38A10CCEAF461CE4EED966377A7
                                                                                                                                                                                                                                                                                              SHA-256:F27F7064CCF14BC41F7E91FD754BB651F9FCC04EBDF231914F5B404FBC7E0488
                                                                                                                                                                                                                                                                                              SHA-512:9B07D4AD5C1A3222EF9709ADB6FEC5E2EE1875FBC787070785931312A8CA9DCE9645D6729E87099600A0FEE1D2EADCA1DD90C68813BD20FAED58E029AB6538C8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................@......n.....@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1065.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):273720
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.129757919890257
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:POX6wg68Y8bfz7uFEgw1vO6asQKjY97MH5kVw7hueWqB:K6wggaf2Egw1vOtsQKjY97MH5kV8pWa
                                                                                                                                                                                                                                                                                              MD5:9690637DAC4ACB394FE9E4A782D634B6
                                                                                                                                                                                                                                                                                              SHA1:D2DB095BF42348A6A2939B7420D56F7CAE7FF69B
                                                                                                                                                                                                                                                                                              SHA-256:4617C6D82781D1934A56D27DBFE1F6249DC1C95775244FC61C15C89B1965A279
                                                                                                                                                                                                                                                                                              SHA-512:DDADD852EA92A9DB7D18B87BEB31BC661DE151D437F52C25FDC8BD10BA18A99C74C06A33E46D267F8B6503C046CD557941C51ED54CBC8F745212726852F16A75
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... ......B.....@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1066.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):284472
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.217532644884037
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:FO5VhHQb3OJJv3Sy5boo+hEoMMK8bAy8TI2ZZVP5P2Zv:E23OnS9K8T8LZDQ
                                                                                                                                                                                                                                                                                              MD5:DF655C2435EDA6791B3CD7E3E3FA5782
                                                                                                                                                                                                                                                                                              SHA1:3B61D27BFB037FB553A0100C31377582E09F18D5
                                                                                                                                                                                                                                                                                              SHA-256:9C5815B3ABEEDC71CA4BE31597C9331C8CFE0282F9D67F9F4A1D9D7506CBABB4
                                                                                                                                                                                                                                                                                              SHA-512:0F31FBADDEDB04F973BA2EBD8A69A3B900AD227EB33360DEEE285CB9EE26136EC112FA155DEE01E53702D4F265C4FD7674F95FE6CEF3FF6305DCF1C20C8F20AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....,...............................................P...........@.......................................... ...(..............8)...........................................................................................rdata..............................@..@.rsrc....(... ...*..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1067.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97592
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.745983137102855
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:IVRKRwjihIlKVSYMOv2RLT7KooahF6LAIUjmuJ2DispH1aNv73gsmfAsZATeg9eq:KQyXThwi0Yeg9evQ1rmFqYmt
                                                                                                                                                                                                                                                                                              MD5:26669935A3ACB70463AE5CE1C9CA4F73
                                                                                                                                                                                                                                                                                              SHA1:AA25AB29999186AF2831340D1FF751D70147DF7B
                                                                                                                                                                                                                                                                                              SHA-256:45C5E7DD67D28C3F01DEC33F70C2285FD0DB46818927431216823377A2121D16
                                                                                                                                                                                                                                                                                              SHA-512:9C308D6E02BDABE1365893D7E378099A7A15A0536DC8BA3B635E64666377E85A3198BA5E8CBF2A36A4233AECE6D4519C90EAC2C8A3CCB0983B64149D28B6B731
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....R...............................................p......L.....@.......................................... ...O...........T..8)...........................................................................................rdata..............................@..@.rsrc....O... ...P..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...6...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1068.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97080
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.300772425365659
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:T8OWtBFOFKSvrNse08AsdUMJ8vlKnMTg0Pg9evRKrmFqYWX873xj:wJBYxselfGvlKn4xPg9evRKrmFqY7h
                                                                                                                                                                                                                                                                                              MD5:4C75D5FDF73287038FE495CC3E873AD6
                                                                                                                                                                                                                                                                                              SHA1:D091C1DA16991FA838092C0581CDDD33D4B9FE29
                                                                                                                                                                                                                                                                                              SHA-256:3C4BB35FB24F3596B448B8F47F4F022A73EC34C47ED4A175D06EA4A2528D0A87
                                                                                                                                                                                                                                                                                              SHA-512:8B8653144032B6ACF2FE367284388BE5C3C0408AF986264696E4758717C538D63386EE8F08E8E419FE1FBE05547CE5E4B2132075506AA094B55379CFD2AB0FE7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....P...............................................p......A=....@.......................................... ...M...........R..8)...........................................................................................rdata..............................@..@.rsrc....M... ...N..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..P4...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1071.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):106296
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.684423490305839
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:AIfvxxMq132FYhTaWH1zgdevRKrmFqYx2:C3WHc1b
                                                                                                                                                                                                                                                                                              MD5:0847F23F33BA98D5807E11E7D4307319
                                                                                                                                                                                                                                                                                              SHA1:03013FFF26AA1AF6AE4E2CA9EE2AD259DCE744A6
                                                                                                                                                                                                                                                                                              SHA-256:6B16F802CCF665A251C5A98C82C9BEC2C51F7DAA18570A66C3807F29FF0E72A8
                                                                                                                                                                                                                                                                                              SHA-512:ED49C3AE2D880091A57903D597CFABD216626646F75806164A0A8C45CE633DB9C169BB124C139595F10FF2CF172C1D92BEF08542FDF0190D872FF4259BA50461
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....t.......................................................9....@.......................................... ...p...........v..8)...........................................................................................rdata..............................@..@.rsrc....p... ...r..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...W...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1079.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):98616
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.810121070166624
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:HMim7E6UZ2gL/VgFvSDKBMTg0Pg9evRKrmFqYWXH7aFxs:SUZ2gLdIvSW4xPg9evRKrmFqYsz
                                                                                                                                                                                                                                                                                              MD5:385A3DDE81A8B55546A01CA0EF8FFE79
                                                                                                                                                                                                                                                                                              SHA1:C56CDD3DE6ACCB5D0CCEECA31DECA0AC7A3AB2DC
                                                                                                                                                                                                                                                                                              SHA-256:47187E5A2AEF05517418BF174E5CBF3506F8060EBB840877321C1A12C8AEFAC2
                                                                                                                                                                                                                                                                                              SHA-512:CC181E1E1D87BB2F4043E752B737969222EA964C914CAFA78BC7277537DD7C5839C5A8023B48866AC47B0936EA9A96A4BCED5B390DE16A1783751521BA021CB1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....V.......................................................%....@.......................................... ..(S...........X..8)...........................................................................................rdata..............................@..@.rsrc...(S... ...T..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...9...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1081.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):276792
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.288577369004189
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:YOaANh0qtd0dv9GCYxmdFchBhThkbX+IErKc/Rdr1trcMKeBzAWTJ3z+bhAqhnV9:JFvkF1+tk1CWaMtI4
                                                                                                                                                                                                                                                                                              MD5:70FE6C8480C5B1EC4EA822D03FF81233
                                                                                                                                                                                                                                                                                              SHA1:12F18AC3AD5DFE10DCDC0977762ED81C513C0F5A
                                                                                                                                                                                                                                                                                              SHA-256:41C8FE58F9D90BF0AD1E6B655AC6C3B5B6BF3CBF73FF1611E1D86A70C59BD5C1
                                                                                                                                                                                                                                                                                              SHA-512:3154F117182F3416EE89EFFE13DAA3AA88AF82F33C550E2541ECC7327ACC7E1E7B32595A426609DD85DCE9B4AAE56B3AE43C8A586F45BA996F11B317420A66D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0......uJ....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1086.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287544
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5929107960482884
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:OOjy9OVGcHdos546rRkMuQsuRA7VkE2hzAV/nyq2UUc6CnmtCGQSQ1zX3H0lz7Zx:OOuOVGG59FkMuQsug+hOPyq2UnuCpH4P
                                                                                                                                                                                                                                                                                              MD5:367F114E3A68C8C051703C6EAD98F114
                                                                                                                                                                                                                                                                                              SHA1:92168DAB713F266A37454502995CFDB126CE2EB6
                                                                                                                                                                                                                                                                                              SHA-256:93BB99F05E68A106B72B67C2B32227B11F82C7016260195E90B1B7431E386868
                                                                                                                                                                                                                                                                                              SHA-512:CC76465AA4A8AE8D6C40743E89C6EDF326E44C2616E21D6398F522910F9A8141F6E41FE47C670407F6E5081B5471FF64FB6A4469819024F51A5FB506FFD4EF61
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....8...............................................`......G.....@.......................................... ...5...........:..8)...........................................................................................rdata..............................@..@.rsrc....5... ...6..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..0....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1087.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):95544
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.7335596580584856
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:H8xbxAJ6vrN4mB/jx+dnwSp69vhdFUxtg0Pg9evRKrmFqYV7gx/:ccqJIwlvhv4xPg9evRKrmFqYVs
                                                                                                                                                                                                                                                                                              MD5:EA0D0B3F7F16673220E9AE3969ED45E5
                                                                                                                                                                                                                                                                                              SHA1:793D35FADDC211C5FF66A5973E7415603FF2464B
                                                                                                                                                                                                                                                                                              SHA-256:1B834E8895FBFD162D217FE7DD5127CDEB955E12A07BA845FEFEA97D6C2C1299
                                                                                                                                                                                                                                                                                              SHA-512:40246711809BB4EAF25252749DB4FCA3A1FBB2BA97EADFB82524B324A7FD51153E5AEAB775AF50F078F289232973E0D0432C3224CA9AACE07C80B24585491008
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....J...............................................p......E.....@.......................................... ...F...........L..8)...........................................................................................rdata..............................@..@.rsrc....F... ...H..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..P-...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1090.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):107320
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.223021037504826
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:wUxZ5eiAoalbBP+98CddkERRc5ijjsfaWIG0LwB0spaS26NDdNdmVesHAn4qoqIc:QVnh
                                                                                                                                                                                                                                                                                              MD5:65B64C20B65C6FB133F781A2E1359313
                                                                                                                                                                                                                                                                                              SHA1:53D7C6CA71F72CB8BC443D11AA537729B6E49BE4
                                                                                                                                                                                                                                                                                              SHA-256:C7C1A957FAE16C1DC6474C228F3CB49F62B745C359D7022D243B8082EDFDB983
                                                                                                                                                                                                                                                                                              SHA-512:86D22EA82E2CED1736E8C07A4F01A103793DEE8032856884DAA82297F30A8BF25E2749EA3BDEFB425C99777D0C841AF95AAD6FFD38518ABAC1571D34348F1BAF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....x.......................................................`....@.......................................... ...u...........z..8)...........................................................................................rdata..............................@..@.rsrc....u... ...v..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...[...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1092.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):95032
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.844463715324896
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:62E8pozpgNaKTnEcNS7vO0MTg0Pg9evRKrmFqY+T7Exof:E826aKTEcNS7vv4xPg9evRKrmFqY89
                                                                                                                                                                                                                                                                                              MD5:8B4F10962FCBB96560B503C14E3996F5
                                                                                                                                                                                                                                                                                              SHA1:2C86CE16613248578F969109C064910F75335879
                                                                                                                                                                                                                                                                                              SHA-256:44E47257EEB32138A7441D71F8844A64B517E697CB0457F0420A0D331F8200D9
                                                                                                                                                                                                                                                                                              SHA-512:018233A69417CE071B4FA11A5E4FF4474BFDF69F532403DD6CB81ED5CD0B996BF218EDCA0CAD4043AEDDC5A9CB978EE49BD3B48BE9E906101ECD7E5E4B94DD29
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....H...............................................p......<.....@.......................................... ..(E...........J..8)...........................................................................................rdata..............................@..@.rsrc...(E... ...F..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...+...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1093.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):280376
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.34798913496184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:QO9+67kbZVDyYhn1ivN2zA46Erzs+PvC+xIasNu4CyZtlI14X:dkbZVDzhn3zAUzssIaOu4CyZtlYW
                                                                                                                                                                                                                                                                                              MD5:E434012F1EF326283EFEE9737D863B43
                                                                                                                                                                                                                                                                                              SHA1:B72D5BFC216A168FF345E74776F370ECFE21A203
                                                                                                                                                                                                                                                                                              SHA-256:01F2A4EEE2E5FA230D23BB1EFFA8F47B2E997FBDC1A222D59E05A9D02E78E219
                                                                                                                                                                                                                                                                                              SHA-512:0C3D16FF374691320D5431676865361A10B4CDEB16448D31D99AB446979E08C9B61720CDFDB85EBF831C424D43EC95038CB68B8B727CA22DBF0F80682E4FDCC9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................@......r.....@.......................................... ..0...............8)...........................................................................................rdata..............................@..@.rsrc...0.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..`....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1102.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99640
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.72913305552437
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:MQ+vvrNhPw/3mdwJ3vJbMTg0Pg9evRKrmFqYWXd7KxQw:qRh4/cGvZ4xPg9evRKrmFqY61w
                                                                                                                                                                                                                                                                                              MD5:4933340AC0057969F052CAD22CA6067A
                                                                                                                                                                                                                                                                                              SHA1:2472B3B4DEA372F01EEFF5D0778972FEC2F10D1D
                                                                                                                                                                                                                                                                                              SHA-256:F31156A07CDFB299BE23F730A68E187F729BEE5BB03789AE04D1D4086684ED3D
                                                                                                                                                                                                                                                                                              SHA-512:A7D4EBDE608A34169E4E4D0FF3840B9835255A43E3186116A88DF829EB2392B6999D55BE112E7BC8405A1A5BAA036F34CC60E02399A9E67BF550B0FAD26B9670
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....Z......................................................!.....@.......................................... ...V...........\..8)...........................................................................................rdata..............................@..@.rsrc....V... ...X..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..`=...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1104.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97592
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.754900601758707
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:N6WKkcKSdmT/ya7LLuPaCdx4vOw38M1g0Pg9evRKrmFqYWXX7oBx1:sWnSAHaH8vAexPg9evRKrmFqYEQ
                                                                                                                                                                                                                                                                                              MD5:FB6FA1A941C6E412DC6676528D7B34E3
                                                                                                                                                                                                                                                                                              SHA1:A57A10BEB61185B20A0306960548010BAB4D52B3
                                                                                                                                                                                                                                                                                              SHA-256:591379225EB3E682DB9F4376EDC193967FE74B8BA02E3936A67DC9CAA04DA897
                                                                                                                                                                                                                                                                                              SHA-512:9B2B5337C8BF9397A2B2FCE9A5F97AB6C26B9D62FED783284CB50CEE84E9DC8B4EBE48392F8325F9AC0BDB6D1BC762A8A661912680531B646DD4C6F1ABFADE0A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....R...............................................p......[.....@.......................................... ..PN...........T..8)...........................................................................................rdata..............................@..@.rsrc...PN... ...P..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...5...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1109.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):102200
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.690951150326739
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:5NsWvrNxLllQdwx9veMTg0Pg9evRKrmFqYWXB7Vxn:bsI960ve4xPg9evRKrmFqYef
                                                                                                                                                                                                                                                                                              MD5:9B8557734B14D91B1D5DB0FC9032A9AA
                                                                                                                                                                                                                                                                                              SHA1:548AC5A087D3C952C657381A699FE909DFA20175
                                                                                                                                                                                                                                                                                              SHA-256:F1EE8C9796129F78785B183F378A1AD066814F8456710DD6D9F163A69A5F9F36
                                                                                                                                                                                                                                                                                              SHA-512:22C40BC195F1A5AC8D56B906686475918C6E50A69056727EB4D5DA807926F30E933CDA663747388D014DB278B72AEBC57258445726835BD48B30DC8FC9F0C4BD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....d......................................................U7....@.......................................... ...a...........f..8)...........................................................................................rdata..............................@..@.rsrc....a... ...b..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...H...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1110.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97080
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.149948710746257
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:stVvrN/KQEDdwd9vJ2q0EZqMTg0Pg9evRKrmFqYWXO7ExE2:KL/hE5IvCR4xPg9evRKrmFqYVP2
                                                                                                                                                                                                                                                                                              MD5:7275986050A642B9751F52DFB0A3EF4A
                                                                                                                                                                                                                                                                                              SHA1:B3CEB46FC457E4D2970838E9086421CA8CE13F00
                                                                                                                                                                                                                                                                                              SHA-256:F19AB507DA9D115ACEC1C84EE336895A7F585588EAC093E8602A6F9D2B920C4A
                                                                                                                                                                                                                                                                                              SHA-512:19356FD719D5CC4C759F7BC3A4AE0427A2B400C60F4A0E4B4179776F7FC249C22DC2A7C7650F06A7A805924533B419A15AB8404A787C9E57E87E5D51E3B5F401
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....P...............................................p.......Q....@.......................................... ...M...........R..8)...........................................................................................rdata..............................@..@.rsrc....M... ...N..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..84...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-1155.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):113976
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.053719737166396
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:hpg4lMseFlQWOc7tEsGGg7gsaVgdevRKrmFqYlyjI:jVx1Fk
                                                                                                                                                                                                                                                                                              MD5:2E5E8FC01F6363827832E1352D76267D
                                                                                                                                                                                                                                                                                              SHA1:EA62A3D7AC8254FAE96B6D5B549FA96CB906A88F
                                                                                                                                                                                                                                                                                              SHA-256:43D20539349EE51141A6B4973446473DC880E375B4C5ADF178005BD3592487A0
                                                                                                                                                                                                                                                                                              SHA-512:283DDC39E1BA9925FE62ACF9F8B57F062D044D5D61856D4623B59E5C0B76BD6770C5D0F09F82546620B38C6CD97C717EDFF40C6C4C84DD62C5543610E7D458F1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... .................8)...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...v...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-2052.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):114488
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.412089076920203
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:EOyd3xEybxYj80EFxJEsZiDF161Fb3KNTbFhYVYm0MBLYyQI:rAEsZiDF161Fb3KNTbFhYVYm0MBLzR
                                                                                                                                                                                                                                                                                              MD5:242EBCCB51A653E6735F97FF6CCF3191
                                                                                                                                                                                                                                                                                              SHA1:7EF6D920E9493757390018ED16F076AD74C70BEC
                                                                                                                                                                                                                                                                                              SHA-256:5D0428EB75ECEAC3B02824884C1F0754DA227F27887796A15290616C002101B0
                                                                                                                                                                                                                                                                                              SHA-512:6421EB66E6A085E086CFA12C47786A5A3E768224ABA33D605B9FFF8248C7FFA7A50726BE3CEB08F40C0ACFD93E6F95ADB07D5EBF1081CAC895AE39CEF98FF8D8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...d...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-2070.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):290104
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.647384770782947
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:3OS3q94a9dzAC6yvroL6+USZexMXvsE+DgDCCyie9uGroPdqm:9s9fcxqg
                                                                                                                                                                                                                                                                                              MD5:F06551DB96B650D71E1A19DC76E447AC
                                                                                                                                                                                                                                                                                              SHA1:997127433E958D09DB299C536635A8BE91698A37
                                                                                                                                                                                                                                                                                              SHA-256:1C8979DFB053000499F35B4687E7762A13CA764CD89CE4BF2D3AE57E80478219
                                                                                                                                                                                                                                                                                              SHA-512:E23EE2EC32D0886FCB7BF963225B9578B5AD62A3381D00595DD38BD040F92F781F79D7109009D0CB982FB5F22DFC2DDE6D9AF41EE6B1A53E3FB4A50EC89A35D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....B...............................................`............@.......................................... ..P?...........D..8)...........................................................................................rdata..............................@..@.rsrc...P?... ...@..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-2074.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):285496
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7488194035132305
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:pOLQVN5hioYJ5QnYF+5tB8xxPNQnmO5dCV:gQjizQpsV
                                                                                                                                                                                                                                                                                              MD5:1415861521E7DDFE93EC6B0FB5914A5C
                                                                                                                                                                                                                                                                                              SHA1:6A93A6EC9424AD274B6BEE1C378565A70EA54744
                                                                                                                                                                                                                                                                                              SHA-256:E8A825EE76ACCC89059153934BB80A611DE20EA97DC1710977F3483CC2619617
                                                                                                                                                                                                                                                                                              SHA-512:4AA847502F1A124BB56299B60C60D1A5A0A5A1ECFD3DED86FD548ED5C70B1A744424D5CD25FBA6406BFEC30B92141CE1084D1C72BF6A4496F1FCE63B91D07107
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....0...............................................P......O.....@.......................................... ...,...........2..8)...........................................................................................rdata..............................@..@.rsrc....,... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-3098.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99640
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.703061225228535
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:TaTftzNluN4jjDovp+MTg0Pg9evRKrmFqYWXs7axI:ErlISjDovp+4xPg9evRKrmFqYX3
                                                                                                                                                                                                                                                                                              MD5:B98D9142415C790A47D77E7BE6C44849
                                                                                                                                                                                                                                                                                              SHA1:EF1B10D34D2E937773B55E5BB9EDA74BA99F70F1
                                                                                                                                                                                                                                                                                              SHA-256:C10DC7F0C2DBE90810A8B9063A213074624CCC95E2F70FFDBFC47C2D39568076
                                                                                                                                                                                                                                                                                              SHA-512:E4A44B4C51AB9792332088008397BBAE6383C4F71F5D906DB38153FBC5FD285A24ECE15CD2F69D51B6F3259A576BB40EEE0CE3AD8A783B4C150D4A082D260FC0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....Z...........................................................@.......................................... ...V...........\..8)...........................................................................................rdata..............................@..@.rsrc....V... ...X..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...<...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-5146.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):102712
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.170904053781955
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:TWTdQdr3+167bBBAOe6wCBjviagdevRKrmFqYUE7hxP:yBB6HvAOQCJRgdevRKrmFqYlr
                                                                                                                                                                                                                                                                                              MD5:EB8B44B42DC212F6E1A907B9F3923C1B
                                                                                                                                                                                                                                                                                              SHA1:E19A0CE62AD3751761837107DC0B931DACB86633
                                                                                                                                                                                                                                                                                              SHA-256:33BF6C33122ED46CA38EE583E6EEFB6ED000F907F3A5D7DC9751F47EA2198F3B
                                                                                                                                                                                                                                                                                              SHA-512:6E67862765C36E33E3C868B73C3D20A189C4E9FB8658D5686D23BA5E14E9B6601E9D361F4AA77762918DC86BFE50C330337B5855CC4A28F2469068CB0E061751
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....f......................................................<E....@.......................................... ...b...........h..8)...........................................................................................rdata..............................@..@.rsrc....b... ...d..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...I...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Lang\lang-9999.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):101176
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.729906595782769
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:CHIbKpE+8vrNGbxN8nIvfS+kMTg0Pg9evRKrmFqYWX/7QBxd:N6SIvbk4xPg9evRKrmFqYM8
                                                                                                                                                                                                                                                                                              MD5:7A4C4D1404E8457F68910BE2577945FB
                                                                                                                                                                                                                                                                                              SHA1:879E3AEC18A1CFADD7DB6A7941DC30FD06DEF356
                                                                                                                                                                                                                                                                                              SHA-256:22439452C1F34992B0D8C2FADE574BF35E4C968B5BEFC7BAFFF4CAF033B37DC5
                                                                                                                                                                                                                                                                                              SHA-512:18EB15639BA23DAC98AD69B435C6882D5B80FCB717766CCFBB760861A2BA8D76C68911ED605421D3AE504200ABB82E783687FD2A9DD640CC88196F305EDFA97C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....`...........................................................@.......................................... ...\...........b..8)...........................................................................................rdata..............................@..@.rsrc....\... ...^..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...C...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):480648
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.655759441527599
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:KptzeTYZP443n/q6LQX5uNllmSJIbbEcgSZ5MQUszT:KptzeKP443nCuQKgSJITgybUsf
                                                                                                                                                                                                                                                                                              MD5:FE6F58FB55D9A93502528C3C9BB13A3F
                                                                                                                                                                                                                                                                                              SHA1:516275DDDBC9E2F056342201B03A0931D93A6239
                                                                                                                                                                                                                                                                                              SHA-256:C427BCF6B065EDF06662E0540E3E9A21C07095184E7BB9D05926DC3B79FC3348
                                                                                                                                                                                                                                                                                              SHA-512:7F45F187D6C3156B89E2DAF0C2BFDC60A59140FF94F8255FA672422ABC43AA1252B0FE0FA0A3EF675F9E71C33B26424597C015DB83DEC7F5E20EE8769C61C619
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........I...I...I...&..[...&....&..^.......J.....z.K...r...^...r...$...r...j...@...P...I...S...............H.....B.H...I.*.H.......H...RichI...........................PE..L....5.[...........!.....8...........R.......P............................................@A............................l........... ..8...........H4..@!...0...H..0W..p....................W.......W..@............P...............................text...:6.......8.................. ..`.rdata.......P.......<..............@..@.data...P9.......&..................@....tls................................@....rsrc...8.... ......................@..@.reloc...H...0...J..................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Setup\63748cba-e338-4416-be16-706152c97125.xml

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:XML 1.0 document, ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):823
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.342670899880195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:2dKAAierZHv4H6hc8AieasfHtH6hUhAiemn4abKuk:cuietwaKjiebNaNieU4abtk
                                                                                                                                                                                                                                                                                              MD5:584FA0E34608830393891D132F62864C
                                                                                                                                                                                                                                                                                              SHA1:779AEEA7880D44F1F708D4E1B04938398CD3B162
                                                                                                                                                                                                                                                                                              SHA-256:A85B4627A768A62409AD3C35CBDA1CE5AA85E829D1D0CAA8F709F212470156BC
                                                                                                                                                                                                                                                                                              SHA-512:80BB11530488D32893CED64199B07EF892E042FE29F16C023C417F3B5ACBF26541DBFF650DBE2567F806B591D194B8F7D1264C6304AF9039A2BF9B8C73A0C026
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:<?xml version="1.0" encoding="UTF-8"?>.<aswmicroupdates version="3">.. <update url="http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate10.cab" mversion="10"/>. .</aswmicroupdates>..<aswmicroupdates version="9">.<condition version_c="(+=)6278" os_c="(+=)6.1">. <condition version_c="(-=)9727">. <update url="http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate029.cab" mversion="29"/>. </condition>.</condition>. condition version_c="(+=)9825" os_c="(+=)6.1">. <condition version_c="(-=)10999">. <update url="http://ccleaner.tools.avcdn.net/tools/ccleaner/update/ccupdate043.cab" mversion="43"/>. </condition>.</condition-->.</aswmicroupdates>.ASWSig2A529161132AF6EEBB7339A441BF52C9A1A8C19F0F74A7ECEED4EA241718235A2F07D72D22DCB7CB807FD5D15872F1920747E35D7AE95CFB68E2BB9F6157BA2926ASWSig2A

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Setup\853f33e8-7d58-420f-bf5d-8f7f56e9f9d4.ini

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:Generic INItialization configuration [Signature]
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):170
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.950846800752146
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:YgB4kRzoGJAEuQwGBL/ARRKJArLr4AMVGVWJovmwA4NfeE63sSVS/rJC2zbkVQn:YybOUwGBgRzGwgYmwAqWEdHQ236Qn
                                                                                                                                                                                                                                                                                              MD5:2AF9F69DF769F876F6E02DA18E966020
                                                                                                                                                                                                                                                                                              SHA1:5D21312D9BD23A498A294844778C49641A63D5E2
                                                                                                                                                                                                                                                                                              SHA-256:473D48A44A348F6C547AEFD2C60DD4B9DE0092E1FB94A7611BDD374783EF3B2C
                                                                                                                                                                                                                                                                                              SHA-512:A4705E5491CF03867FD46E63293181BF761D04FE0CCCB86E373DD567C68D646634F64EF95D5B910D2266468B93BF7CDF6F9ACBF576C6F42A4FF6C3CAA09D2274
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[Patches_dll]..5=http://ccleaner.tools.avcdn.net/tools/ccleaner/update/20180205.dll..[Signature]..s{...,ZQ]~..7..C5.R..+...s- .zy...nn..~.r@.X(.WJ..8t..n..%k.ASWSig2B

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\Setup\config.def

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):27
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.106377316818027
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:XvVP2vn:tA
                                                                                                                                                                                                                                                                                              MD5:05927E894C81EB42C3B4DAE5A5A6C937
                                                                                                                                                                                                                                                                                              SHA1:7EC0660AAC7C3396599447A49F30BA18E1F0DB49
                                                                                                                                                                                                                                                                                              SHA-256:09C65B39BC891E12956AB7BB30FAE147EF7C8FA37542B6F040613436B566E7F8
                                                                                                                                                                                                                                                                                              SHA-512:C06E2788952A3550597F5B539CF8F5CF7A569E33192951BC8CE97D4570BD4BA35ABCE99586F309F3E1CFFE6F1D83AEE98B79C0C26503EF4CD4D1FBFB40E1BA4E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[common]..DumpReporting=1..

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\gcapi_17167274625804.dll (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):758272
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.544177497925195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:06hpgkDPRqJpEhD5WCcZle6qZ5eR5+nRognE:XpgkD5qEhUZgFxM
                                                                                                                                                                                                                                                                                              MD5:F17F96322F8741FE86699963A1812897
                                                                                                                                                                                                                                                                                              SHA1:A8433CAB1DEB9C128C745057A809B42110001F55
                                                                                                                                                                                                                                                                                              SHA-256:8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
                                                                                                                                                                                                                                                                                              SHA-512:F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\gcapi_17167274745116.dll (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):758272
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.544177497925195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:06hpgkDPRqJpEhD5WCcZle6qZ5eR5+nRognE:XpgkD5qEhUZgFxM
                                                                                                                                                                                                                                                                                              MD5:F17F96322F8741FE86699963A1812897
                                                                                                                                                                                                                                                                                              SHA1:A8433CAB1DEB9C128C745057A809B42110001F55
                                                                                                                                                                                                                                                                                              SHA-256:8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
                                                                                                                                                                                                                                                                                              SHA-512:F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\gcapi_17167274765172.dll (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):758272
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.544177497925195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:06hpgkDPRqJpEhD5WCcZle6qZ5eR5+nRognE:XpgkD5qEhUZgFxM
                                                                                                                                                                                                                                                                                              MD5:F17F96322F8741FE86699963A1812897
                                                                                                                                                                                                                                                                                              SHA1:A8433CAB1DEB9C128C745057A809B42110001F55
                                                                                                                                                                                                                                                                                              SHA-256:8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
                                                                                                                                                                                                                                                                                              SHA-512:F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\gcapi_dll.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):758272
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.544177497925195
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12288:06hpgkDPRqJpEhD5WCcZle6qZ5eR5+nRognE:XpgkD5qEhUZgFxM
                                                                                                                                                                                                                                                                                              MD5:F17F96322F8741FE86699963A1812897
                                                                                                                                                                                                                                                                                              SHA1:A8433CAB1DEB9C128C745057A809B42110001F55
                                                                                                                                                                                                                                                                                              SHA-256:8B6CE3A640E2D6F36B0001BE2A1ABB765AE51E62C314A15911E75138CBB544BB
                                                                                                                                                                                                                                                                                              SHA-512:F10586F650A5D602287E6E7AEEAF688B275F0606E20551A70EA616999579ACDF7EA2F10CEBCFAA817DAE4A2FC9076E7FA5B74D9C4B38878FBF590FFE0E7D81C9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d...Pt.^.........." ................0M.......................................@............`..........................................f.......h..........x........V........... ......|e.......................c..(.......0............n...............................text............................... ..`.rdata..L...........................@..@.data...D}.......4..................@....pdata...V.......X..................@..@.00cfg..(............r..............@..@.tls.................t..............@..._RDATA...............v..............@..@.rsrc...x............x..............@..@.reloc....... .......~..............@..B................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwaapi.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1056048
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.250572348143712
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24576:C40fBkXwR1t+ZLYcVSbGq4wT0OR07ZPeyMJLH7kU:Uk+1YtbsGq4wT0ORGZPeySHx
                                                                                                                                                                                                                                                                                              MD5:0B6B80205995E3FC66565E185FF95C6C
                                                                                                                                                                                                                                                                                              SHA1:8324E0E5EEAF72584AFF8304280E4A87707AD8B3
                                                                                                                                                                                                                                                                                              SHA-256:B7C3B601ACF2786556B8B59BE309264EA9F188347B64B4D9A14CB859D85AB882
                                                                                                                                                                                                                                                                                              SHA-512:2C7D28EB8123F66E0534DA17082C7441EB733A5545E35D7B5CAAE2004AF07F6FAB3F293EDD25E942CCED05F0D2D6BFEEDAD4FBB1902498B469DA127BC49FD1C6
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P...;...P...;...P...;..hP..e....P..e...P..e....P...;...P.......P...P..}Q.......P.......P.......P...Pr..P.......P..Rich.P..........PE..d...K..e.........." .....Z..........pr.......................................`...........`A........................................p.......L........0...........~......0)...@..|.......p.......................(....................p..@............................text....X.......Z.................. ..`.rdata.......p.......^..............@..@.data....r.......T..................@....pdata...~...........N..............@..@.tls................................@....gehcont..... ......................@..@.rsrc........0......................@..@.reloc..|....@......................@..B................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwaheap.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):103216
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.186007328402438
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3072:usEMdY59enGtW/zc7fKJP5MZEhinq4nNv:l4iGtAz0fUdWF
                                                                                                                                                                                                                                                                                              MD5:0D63986CB214F9F78951943978B9BB49
                                                                                                                                                                                                                                                                                              SHA1:C3506074A3447C59BCC3FF12377A5822164D7653
                                                                                                                                                                                                                                                                                              SHA-256:501E933AE8F9145CDC7BEC18CFA3D6003DA03A396DDD89056A1D515336951BAB
                                                                                                                                                                                                                                                                                              SHA-512:1A62C40F51B0716072E46436B60029F17D5100A497BFE8154456A56FF080DC19C7D4D1C2E1589E22478C0C79F70F515FA59892D58C355549A260814CA29DBD45
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Z...Z...Z...N...^...N...Q...N.........]......N......J...N...Y...Z..........[......[.....{.[...Z...[......[...RichZ...........PE..d......e.........." ................@................................................(....`A.........................................Q..L....R..(....................j..0)...........C..p............................C..................8............................text............................... ..`.rdata..............................@..@.data........`.......@..............@....pdata...............J..............@..@.gehcont.............X..............@..@.rsrc................Z..............@..@.reloc...............b..............@..B................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwalocal.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1865008
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.413716590732391
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24576:HgqCbZZd1QplE0I42gkT8f/LBgVyglGKOEv5gPKlK8+dihxI6GgfGuqlkIoVxn:HvCbZZd1gNI4KQFSk8+diPI6XG9lqD
                                                                                                                                                                                                                                                                                              MD5:998786FE78664098754EEFE0203EA661
                                                                                                                                                                                                                                                                                              SHA1:A33140AA6B00F545E65A7BA970CB061544E92199
                                                                                                                                                                                                                                                                                              SHA-256:7A796318905AC2DB623F3666F59EC8479CAE7968FE35F92A856CD4960CBB031A
                                                                                                                                                                                                                                                                                              SHA-512:D56C0FC4F0EA8BBB8F840A90355CB47CFCF64491986ED594C6128D03F9307B29879BAD02453B7BA6296551C0139F2002DA2BA380FC6BB237DCFA5048FF67E39A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$........z.cJ..0J..0J..0^p.1\..0^p.1G..0^p.1...0.B0K..0.E.1@..0.E.1 ..0.E.1m..0.E.1D..0^p.1B..0.E.1M..0J..0...0.E.1S..0.E.1K..0.Ez0K..0J..0K..0.E.1K..0RichJ..0................PE..d......e.........." .........l......0...............................................5H....`A........................................ ..........................X....L..0).......&..._..p............................_...............................................text............................... ..`.rdata..............................@..@.data...........p..................@....pdata..X............H..............@..@.gehcont.....p......................@..@.rsrc...............................@..@.reloc...&.......(...$..............@..B................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwaresource.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4579120
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999922802947247
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:98304:537xCoKSEbtbHuQFQm5q8U3XRqmdywCmvUssaK6dxtfu:5L0Yuhr5Q3Qkyw11Pfu
                                                                                                                                                                                                                                                                                              MD5:730D58A19A0231E705D7D63419D03051
                                                                                                                                                                                                                                                                                              SHA1:4202E59CF8F0FADF89260504D1A237FD1FC3D440
                                                                                                                                                                                                                                                                                              SHA-256:595EEE82EA795DE27DA52E2E57E9F1D41614485A0C3C9988017CB4C3D8B2C081
                                                                                                                                                                                                                                                                                              SHA-512:8F59FCAC4F01B1DAB22E08F58F8A80F8988F59B85D31FC0AC711D616D359E4FB0A0D0C219D4A524007802C143BA9E4E22129580F54AACDB720482C1EBD2D7547
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................J...............J.......Rich............PE..L......e...........!..........E...............................................E......WF...@.......................................... .. .E...........E.0)..............p............................................................................rdata..............................@..@.rsrc... .E.. ....E.................@..@.......e........*...p...p..........e...........................e........T..................e....................RSDS.[..f..F.O9.pz......libwaresource.pdb.......................GCTL....p....rdata..p........rdata$zzzdbg.... .......rsrc$01.....#...E..rsrc$02........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwautils.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):3493680
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.259342134926564
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:49152:6/giL9IUCBKLMuDRaZTtNq4wT3BK3wKlnPqRrhOV5l/:av6iK3xR9
                                                                                                                                                                                                                                                                                              MD5:78678D949D8855917C55A117F8087EAE
                                                                                                                                                                                                                                                                                              SHA1:6C87C3047FF5E2A285A0E13112D4631F3B6392D1
                                                                                                                                                                                                                                                                                              SHA-256:6F84673CE9DDB6344913888F39FC586CB4977D51286154D3303ACF7F1CEF4511
                                                                                                                                                                                                                                                                                              SHA-512:32546DA0790FB6DA798459CEF0FA88A9443F764C2AEC2025EA71C143E253E374307F50F0A4EE9A3CD363C801A6EE62238E6C5FB02790EF0F3599E69052D23E3C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$........p........................H....s.....&.......&.......................&.......<.......................L.......<.......<.......<.......<............<.......Rich............................PE..d...(..e.........." .....L!......... B........................................9.......5...`A.........................................P1.<...<.2.......9.......8.`>...&5.0)....9..'..0d).p....................d).(...@.$..............`!.@....O1.@....................text...|J!......L!................. ..`.rdata......`!......P!.............@..@.data...X.....3.......2.............@....pdata..`>....8..@....3.............@..@.didat..0....P9.......4.............@....tls....a....`9.......4.............@....gehcont$....p9.......4.............@..@.rsrc.........9.......4.............@..@.reloc...'....9..(....4.............@..B........................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\libwavmodapi.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4742448
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.276758565538506
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:98304:emrXAJENYFzlD7Xtp+AAUOx0YSxGd/u/z:emrXAJyazB7Xtp+AAUOx0YSSur
                                                                                                                                                                                                                                                                                              MD5:489EF097414BCA18C70D2D264D08517C
                                                                                                                                                                                                                                                                                              SHA1:85EF7E63FAF5B920CC26C2690DD019CF4D901822
                                                                                                                                                                                                                                                                                              SHA-256:FB821F4FC17E2D1033E6F3A214239EA3557ABE6469C6F82C5F96FCF2A141E32A
                                                                                                                                                                                                                                                                                              SHA-512:9326FB896979FE93E04C8CD1BE4BAA7F9A7A43E034498801C2A1B67DF0BC7D34D54D29D1FB471D05CB17E9464684DDDC09EC37CB3EF91CE021EC6CE3919313EE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................8...........!..L.!This program cannot be run in DOS mode....$.......[~...............t.......t.......t........P......A.......A..7....t.......A..e....A.......j.. ....j..I....t...............A.......A.......Ah..............A......Rich....................PE..d...u..e.........." .....|4.........p.).......................................H.......H...`A........................................ ME......kE.@.....H.......F.H....4H.0)....H..'..0m;.T...................(n;.(....m;...............4..............................text....z4......|4................. ..`.rdata...9....4..:....4.............@..@.data.........E..|....E.............@....pdata..H.....F......6F.............@..@.tls....a....pH.......H.............@....gehcont$.....H.......H.............@..@.rsrc.........H.......H.............@..@.reloc...'....H..(....H.............@..B........................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\uninst.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4582888
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.99649829952713
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:98304:7QaSEJHmPIzq8PMRBmfisUUIm8sTjkzjeDgPGRWP:74qRhCmaHLITIz8RWP
                                                                                                                                                                                                                                                                                              MD5:CB9DB933ADBD7F92ED9C7EB68F110DB0
                                                                                                                                                                                                                                                                                              SHA1:9BBBBB028DE12C41D0D96CA11D3D559A6F610D7E
                                                                                                                                                                                                                                                                                              SHA-256:238D21B4AB8020B73E226267BF5CFE7488245C856FE283919C73D1F510F3A310
                                                                                                                                                                                                                                                                                              SHA-512:3C52685C71FF3475EE2C4328B89DBDBD59310A75BC565B469CA5A6D6EE61383C385D01ECF0470BCD73ECE15ED0F1E2174151BA7B2DA74BF2698F24F2650788BF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h.......@..@6............@..........................`A.......F...@...........................................@.............@.E..W...........................................................................................text...vf.......h.................. ..`.rdata...............l..............@..@.data...xc..........................@....ndata....9..............................rsrc.........@.....................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\wa_3rd_party_host_32.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2249008
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.6321449954205125
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:49152:9RWMLm5JJ+CNr7vded6eBA9m8UVrpJPP4qT+sHoUsWmyWTTloZUAbctFAc:98MLmR+CNlzAHohWmVThlAs
                                                                                                                                                                                                                                                                                              MD5:DFE443F3ABEF2CE3B2FE1D3C309CE50A
                                                                                                                                                                                                                                                                                              SHA1:CC4041EB8D66549DF21314F50834659F0E23BDBE
                                                                                                                                                                                                                                                                                              SHA-256:04675E23275A9AD0305E8C5B53E2EDD5BD20CF170CB2A1A0E25C4B71CCEC7461
                                                                                                                                                                                                                                                                                              SHA-512:A232A683B5CCC3ECA4B7F380D48673C7A342D9263BF1AFE000F54108516989801A5BEC81DADD14E9E6495D1C59F1419D8FD916A3B3445FFD52DE3B415D1E1F42
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........p>...m...m...m..lv..m..l...mVn.m...me..l...me..l...me..lA..m..l...m..l...m..l...m...m...m...l...m...l...m...l...m...m...m..m...m...l...mRich...m........PE..L......e.....................(......@.............@..........................."......."...@.........................`J .....(O ......P!.\?...........(".0)....!.........p...................0........&..@...............<....I .@....................text............................... ..`.rdata...V.......X..................@..@.data...x....p ..v...X .............@....didat.......0!....... .............@....tls.........@!....... .............@....rsrc...\?...P!..@.... .............@..@.reloc........!.......!.............@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Program Files\CCleaner\wa_3rd_party_host_64.exe

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2824496
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.395490097476429
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:49152:/gpA28W5NF+dEVU0Ytz1ojkAwc1cE5OKS2N+51NRaq:opzpfVUEAKBNKNR
                                                                                                                                                                                                                                                                                              MD5:63EE667043F221EADCE0DBA7D8B24035
                                                                                                                                                                                                                                                                                              SHA1:A972C5C86B848E821224695D728188FB04FC12F8
                                                                                                                                                                                                                                                                                              SHA-256:F016A1FFA6E4FEC707CF75BFA170E0458C08D8ED13CC3603714F21AB5226B636
                                                                                                                                                                                                                                                                                              SHA-512:C7DD965EBE7FB04BB301B876D0F9E5F678CBC7015F5E5FAEC2F9FA4E2925DD4E94668D88B069E658A39E90219B1F98E1902D454A904FB589004B61FA73E986FB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$..........<V.noV.noV.noB.mnZ.noB.kn.no.#.oU.no..mn_.no..jn~.no..kn.noB.hnT.noB.jnN.noB.onG.noV.oor.no..jnE.no..fn..no..nnW.no..oW.noV..oW.no..lnW.noRichV.no................PE..d......e.........."......v...v.................@..............................+.......,...`.........................................`n(.X....r(...... +.\?....)..f....*.0)...`+..(...h$.p...................0i$.(...P."......................m(.@....................text...\t.......v.................. ..`.rdata.."............z..............@..@.data...t.....(......z(.............@....pdata...f....)..h....).............@..@.didat.. .....*.......*.............@....tls..........+.......*.............@....gehcont$.....+.......*.............@..@.rsrc...\?... +..@....*.............@..@.reloc...(...`+..*....*.............@..B................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1310720
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.12801550187010632
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:mJHL7HbahIfcjcidIiBysHciXBs78MmhRht43BBPXDuJ+GYTzTJ:mJP74rzc8Myr43BJuJ+GYTzTJ
                                                                                                                                                                                                                                                                                              MD5:66C777087F2EBE99650556528A107AF0
                                                                                                                                                                                                                                                                                              SHA1:4D2F655905454D2E07E56D52E633DCEFEDB749B6
                                                                                                                                                                                                                                                                                              SHA-256:8A61EA8FFFC3D35AA9F79C7AB20931220456C06070C0BED5E5AE2B4C1717700F
                                                                                                                                                                                                                                                                                              SHA-512:4F01EAAB50A9315752D76E826929B1A1B02D30B00B4BA6E08772E5F49DB6A29EB7375FCA5C520702A73ED84A4C6537D8B05875DB5C5DD04B8C7837CE61CE0852
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...........@..@.3...{g..*...yo.........<.....).*9...y..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................;..........v[.2}c}c.#.........`h.d...............h.<.....6.:......p..*9...y..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x2d92e0bc, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1048576
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.8737219212655963
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:LSB2qSB2gSjlK/PfhMlKohVg8/bGLBSBLil2u/3DB+1HzY/3A5v7GoCnLKxKHKrx:LapaFK0nfOD8F31Xw
                                                                                                                                                                                                                                                                                              MD5:8A630247FB2DB1C585FC745B664B0294
                                                                                                                                                                                                                                                                                              SHA1:DE754133857FE123358286FDACD8CC2AE5958C08
                                                                                                                                                                                                                                                                                              SHA-256:F97162EAAA1C738EBE6995B04E12F5DF9D96AD4E286D56EE03BBAD2E22188D27
                                                                                                                                                                                                                                                                                              SHA-512:A7071EB2D6666DCAA16D953836259ECECCFBCAA1C9B2FB2D183321EE60D3712A46E84B0B97BA1E461A2126861B16620D30EBC7DA3B4BA785B472450AB0DA9C66
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:-..... ................p..*9...y......................~."......$...|.."-...|/.h.$...........................).*9...y..........................................................................................................bJ......n....@...................................................................................................... ........3...{g........................................................................................................................................................................................................................................"-...|/L..................W."-...|/..........................#......h.$.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.08238306011696671
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:m1sOp/zoJllllSi3clXYaoHllCXlll/lJlYZb:y1zoJXSi3clXIuA
                                                                                                                                                                                                                                                                                              MD5:5C49B85EE870B1C148436DD061BC521A
                                                                                                                                                                                                                                                                                              SHA1:099F419162A9FCDC40B6A543B53C8F5EC24D501A
                                                                                                                                                                                                                                                                                              SHA-256:8DB82FB04C48D80DC50DCC3A73173AD39A2DCFBCAB58A6019274F9AF053BE01C
                                                                                                                                                                                                                                                                                              SHA-512:B46B3E9403377CD7CAFE680F5E92DFDD9AA6C4B76084901D82AC7F50C01158EEE83225C149742EAF7F3A93E08532604FCB62AE5C744D83854E9CD56E4CD18945
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...r....................................*9...y.."-...|/..$...|...........$...|...$...|......$...|.F..................W."-...|/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.db

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0xec4ced37, page size 4096, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.943061485504081
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:t2USNM+c0R4biVDbuYK2HRMakinEOhzYp7pV4Pd16ErY2USNM+WDbuYK2HRMEkim:JShH9KAXk/86ShmKAhkzyDFqfg
                                                                                                                                                                                                                                                                                              MD5:4D47B6FFF866E887C096E74A02C8B248
                                                                                                                                                                                                                                                                                              SHA1:D1ABED7FDA085428D10B8DDE074DC67F0EEDC973
                                                                                                                                                                                                                                                                                              SHA-256:A45D7194BAFE7CA0C6C4E3B2358D646E632245C0070A83A0CA96A32870EFF6CD
                                                                                                                                                                                                                                                                                              SHA-512:BE4336E3913E2A34E441B00F503673DCC9502A3318431B0D2EA00C1931C892B1D614F6EE93BCB8D2CE4AF10F8B3215EE9D4AFA35BC9CBADDAEA6A50EE513CD4A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.L.7... ................c...*...y].....................6.......%-...|..%....|A.h.............................)b.*...y].........................................................................................................bJ......n........................................................................................................... .......7....{...............................................................................................................................................................................................*...y}.................................Z;.D%....|AB................y..R%....|A..........................#......h.......................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\SmsRouter\MessageStore\SmsInterceptStore.jfm

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.07371767135449064
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:jllijALpNtO6lT/DpE6lboZ6lVEpE698L3uOktillv5asllF/ww/ll:jllijupNfJcpWDAQXas1Hll
                                                                                                                                                                                                                                                                                              MD5:8DCE34E74184C429AD73939424E3274F
                                                                                                                                                                                                                                                                                              SHA1:44F72A496AEFE07A78C89E3D388C894D477B2A1B
                                                                                                                                                                                                                                                                                              SHA-256:E51D73FA33C375C2E989F753AA5AE475FA72727ED995051DFE5F661DFBA258B1
                                                                                                                                                                                                                                                                                              SHA-512:B3FFF9657F33FD2837AAE9F56846C75C292E50A9BA96279D7681AD281C89B9CF32DE122D023DFBE96DB710BBB140A83873AFC3C181683D12DF9A83DC3DABC55D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.G.......................................*...y}.%....|A.%-...|..........%-...|..%-...|..Hy..%-...|.@................y..R%....|A.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\SmsRouter\MessageStore\edb.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):65536
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.28214775109313966
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:3Rtktoo1WktlL1YktZL1adkth2L1iplktBL1:3R2H5ZE
                                                                                                                                                                                                                                                                                              MD5:AD4A404E4BD37F5CB4F6405BCC674CC4
                                                                                                                                                                                                                                                                                              SHA1:154A6FCD175EAEB1D8519937CF3993CD477E12B4
                                                                                                                                                                                                                                                                                              SHA-256:39A15E3353B6A6CB80FE8EF717807105D7AA96576D885BCC23D5493793D5D16A
                                                                                                                                                                                                                                                                                              SHA-512:5350049D2E7FE8CF6879D9708323A83C60EA03A67B83BCE17B2F9FDB5B2EAC48EE01A791BF52F53F98DA99E606281491D62868D5934A8E2C28979EB11B997A45
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:sk.+............7....{.......zO.........<.....)b.*...y].................C:\ProgramData\Microsoft\SmsRouter\MessageStore\.....................................................................................................................................................................................................................C:\ProgramData\Microsoft\SmsRouter\MessageStore\......................................................................................................................................................................................................................0u........................5w......................................#......... ..................h.......6........c...*...y].................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.S.m.s.R.o.u.t.e.r.\.M.e.s.s.a.g.e.S.t.o.r.e.\.S.m.s.I.n.t.e.r.c.e.p.t.S.t.o.r.e...d.b..................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows 95 Internet shortcut text (URL=<http://www.ccleaner.com/ccleaner>), ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):82
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.550468962332913
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:HRAbABGQYm/0S4YiyZhJArynQPKd4ovn:HRYFVm/r4Y9A+Qydlvn
                                                                                                                                                                                                                                                                                              MD5:E874843904A42397C1A78C267F1A85E7
                                                                                                                                                                                                                                                                                              SHA1:56D970E6F25001089700706F484366C32FD7B644
                                                                                                                                                                                                                                                                                              SHA-256:D037CA0BE3BB7853C2A7A540AF9E60A99C349210FBDAE5618825766B18C6C06D
                                                                                                                                                                                                                                                                                              SHA-512:8C244BFCFB0596F222AD4F62CA6BDDBA179250411F107B8E89D404496D489301B909CE905A0266D97E4E2FF1F412860A2DFCB9E7562006B5A147AA78F764851C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[InternetShortcut]..URL=http://www.ccleaner.com/ccleaner..IconFile=..IconIndex=0..

                                                                                                                                                                                                                                                                                              C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon May 20 09:56:46 2024, mtime=Sun May 26 11:44:14 2024, atime=Mon May 20 09:56:46 2024, length=45430176, window=hide
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):881
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.500583372018022
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:8mAi/E20YX0Zh9Y65dpF4ygm676fxOjA6RkbdpzCbdpNs8wqdgmCt:8mAbDdimasyAkwddGdTs8Qm
                                                                                                                                                                                                                                                                                              MD5:ECA739418A1D30FB92386B93FE47D6A1
                                                                                                                                                                                                                                                                                              SHA1:63A3901D0A6A7856AFA4E854C0052F5AC4B5D0AF
                                                                                                                                                                                                                                                                                              SHA-256:868F3598B3820CA519D67F6EF1E72DC08CD986BA7C1E0C88B8BF169968FF7869
                                                                                                                                                                                                                                                                                              SHA-512:3FE6DFFE46A38E0BAAEA296BBED016BF59906E9CFCE5F90204C673B6776512A2CFE2F8B3BD8E9940C279B5D1F0364F6EE476D6E8B6B973B2BDBDB11BFC52AE2F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:L..................F.... ....+-h......rjj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................:..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe..7.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.`.......X.......571345..............n4UB.. .|..o.(..]......P..#.....n4UB.. .|..o.(..]......P..#.E.......9...1SPS..mD..pH.H@..=x.....h....H......c-dSA....n.............

                                                                                                                                                                                                                                                                                              C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivator.db

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 43, database pages 20, cookie 0x12, schema 4, UTF-8, version-valid-for 43
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):81920
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.7242627261302792
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:bl6/tX3QTyVq0Q0MFMVCVuVwJVwpVeVBoe/90z0wIFhaCBecRqCl1vNqRvGJhh0O:bmtXALQGi+ELb52am
                                                                                                                                                                                                                                                                                              MD5:473BE55D6CACB8EE67C38F0244DCF7B6
                                                                                                                                                                                                                                                                                              SHA1:72164883BA32B044B6D32D701C34B36AB6C03FD7
                                                                                                                                                                                                                                                                                              SHA-256:CFC85FD59C0EBEAAF161658B4C9BDEA2EBF252F09F755AC89E81326AACAA56F4
                                                                                                                                                                                                                                                                                              SHA-512:79846149206FF7DD7C2B81F74165A53FEA25B43E3FCC1E6BA9A23C7BF49365707D2A50F4BDCDB4A70163B92F5FC62110C5A2004BF9A4DBB8DC1C9754C4D57CE3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ...+...................................................................+..j..............9...2.......V...N.....r...&.o..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Piriform\CCleaner\CCleanerProgramDeactivatorCache.db

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 12, database pages 21, cookie 0xd, schema 4, UTF-8, version-valid-for 12
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):86016
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.688482422022539
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:384:hkEJwPtrHzjiMhOifuo4315M4YM/LkEJwPF7:hkEJwPVHzeMhOUuo431u4YM/LkEJwPN
                                                                                                                                                                                                                                                                                              MD5:0B43A8DA1C20A0D698D4F1C1CCC54D01
                                                                                                                                                                                                                                                                                              SHA1:697EC273BAD1EBBB3E08B8DAA3233429471DE328
                                                                                                                                                                                                                                                                                              SHA-256:3D57CD474801C460D1BC35294A646F720C1BD39205C5B830D2EC734CA414DC1F
                                                                                                                                                                                                                                                                                              SHA-512:6BC43E7852905771B6355B7E8E4D5E1C3CE62BB46B869F0EDA0EF806C6FAC5D558E15E3A833DA57DB2A87A7010E8B3D7D70E26BA56EB5278CCDC4B256A76BDD7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:SQLite format 3......@ ..........................................................................j...N...z..V.........0.h.....A.....%.....6.z..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\44ED97C8-2D40-4A50-913D-673F6858B9AF

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):137
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.484536966843717
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:lgJJM0hGM1JJM0hA7D3E889pLcXgPv/6KG4jL3W3Flj:2JMuNJMuY3cIwPd8
                                                                                                                                                                                                                                                                                              MD5:343DB94944E2B20141AF6E110C526616
                                                                                                                                                                                                                                                                                              SHA1:3245BCBA2CA4278F34BAF79558A0342BBC3E8D33
                                                                                                                                                                                                                                                                                              SHA-256:E6A2FC7F7655B5638C0D14D99CC4818DCB8CE23CA8D4A98570DA53BB4973318A
                                                                                                                                                                                                                                                                                              SHA-512:DA5ED4583B9C99160C14AE15E7B7187460BC77620E1B82C22A75225411C2C1971110816F9A62FE7AA352978643C8CA4B93FCE7BA4A88E97B25FACB5301A44F49
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..To Be Filled By O.E.M...To Be Filled By O.E.M..(Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz .....*.ASRockRack2.Intel 906ed8.@@.H.P.|X..`..

                                                                                                                                                                                                                                                                                              C:\ProgramData\Piriform\CCleaner\burger_client\8866F8A9-70C9-43A2-BFBE-EE00AA2DC417\fd071243-eee8-4134-9031-bcc429f6c6f0

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):662
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.381138834475141
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:12:CUQCIPwcdEQiqWymJS4rcZ1Facqi5sZoD1Y3oHyzNGz:CUQCBeED3Q44UHWhYLNGz
                                                                                                                                                                                                                                                                                              MD5:8DF38CD1C1EB7E408F4F318B8C147C6E
                                                                                                                                                                                                                                                                                              SHA1:B8A524A1BFE8A6B855F8695937D54F082A335519
                                                                                                                                                                                                                                                                                              SHA-256:3FA9E09D8753061422C644792A2BCD0562FF59D97F6CF6B1BA2F80DA5FD16485
                                                                                                                                                                                                                                                                                              SHA-512:DADED4A0F80E948D9254C367E121640FE4AA2FFBDC58F65281966F8F157643450FC20A8C2E6201253E5514B3D987DCB35B6E2883940B32679EF8747C5DFEF11C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:burgerdata..................................z..O......tw..Xq.B..K.L..5...........f...... ...$Q~5.#.y..h.(..t..Q.X{r;.8..;............. .....V=...C.......k.l...M.Q3z..0........e..rk4[..4...)..P.V..{F9.A|......%\...[..&;..R)..S0..c'H..~)m.e.....I&E.....9.D}.3..z$....Wg.t.;..f|]..X...\DF..)..%....H...s."Viow.US.)Y.. ....S....Vr.]..*xm..r.....Bw...i...+I: .....#....o....I.v...!.....D3./.#!...1..8.".....%.;].j..\C_.....y.(....g.'..V......X..&.~#.@...w]...N..7..2.C....h.(.y.j.....E...o.F..!C......v..D@..k.C.nNC.`..E..P....X..s=T......W~....9|...p..WS..8!.0..4.c>...@...PP.*v2.i{6d%.*..'A.an..B.p wB]......JZ.2...6?2...2.....T.^..N^.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\LocalLow\Intel\ShaderCache\56245e6b42b1ab69f485d661ec34b45d4807d807c9525a102574370cf10ac7aa

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9513
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.86677531042735
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:192:prZunoUZpf0N3e1nD0V4nEvvVtOFg5Vp710c3KOmcgWfXKF/j1:pc0Nu50agLOwVp710cNmo/K91
                                                                                                                                                                                                                                                                                              MD5:667E3678640745ADF57BB0F9AD7B1091
                                                                                                                                                                                                                                                                                              SHA1:375455753F175583F699DED71F508B2DF14FEDA8
                                                                                                                                                                                                                                                                                              SHA-256:EDE408D15168B002B276A6AD4D482F4A91944D8108E2004F4A733251B8BE72F1
                                                                                                                                                                                                                                                                                              SHA-512:05A385CD5DCEA921464D94475621013A33417ACEDC435F86425DEEC1E583D963231AF1C05A45DB99024553D6C641D57CA831A3B0D02CA19326EC41DEB55A4B12
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:INSC.>.....Mar222021151921..v........H...g..1..3.cv.................D....................J..Xx.c`@.;....gd``...)0..G.h........N.............ay.$..T.R..... .".H...... Y........!.A.....^9F..X!|= ......P...F..!...W...>....FL......l...............@.^.5(B}h../....|.}Ty.(.(..I....2nF.v.r..].`..&................L.3.G+.+00\..~..Pq...$_]T..k.......^.30.3p4A.'...GjB..+...>...E........z..G'.~."...#..............................S.#-..x..T.N.0.>.M(?m\......'h3u!b.\)........)}...G`...."1 .../.E.E".N.....|..l.C.3....^.D~@:(.@.!`...[....6k`.a.5..0`..."...........y...o..x2........A..*e._?.\.R......Fo6..].k\[.u....u..o3.`..;n..&....a.#P....c....)].4gw..;V7..K....P...)D(gd..".h:.1.G|...-.5e.........K..e.d.............s~.@...o..VzjV...q....J..@..E"=.j2z...;A.n..ir...zID.|`.z.N......g>l.....?."......!..;T.0.g..`5..S...m....+....+7.........................~.!.x.c`@.....gd``...)0..G.h....x`&.N......% ..YX^....3.(_..@43H...R+.. . = z.....X...4...-`.....?..B..V..6C....\..

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000002.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                                                                              MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                                                                              SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                                                                              SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                                                                              SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000002.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.ldb

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):72215
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.621452309662532
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:1536:utRkNiCT54nVXZI3D5blAuAVTgJVdnUUCYcKAA:OREFTOnVXZI3FbJGMrQk
                                                                                                                                                                                                                                                                                              MD5:3C8471C7BCCACC8BB16830C8942CD961
                                                                                                                                                                                                                                                                                              SHA1:98D7E08B56FA99AC242CD77FD442D14BDCAF23D1
                                                                                                                                                                                                                                                                                              SHA-256:C8BFE13BF21BD6D606DEF6068A7F47DADB4D6A0CFDCB0FF3F635E87255C3BA55
                                                                                                                                                                                                                                                                                              SHA-512:1068930F0663F949E712DDBCD8D8D89DF4F3B7D8FCC382E097DA1CD6F4561775DB8D089CEC5EBBA5CA96C7B6E1FF809C6BD9D7C376A2AE61537BD558612828AD
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.!.>.@.META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm.S.....8......D.............9..............9..........,....%.https://account.microsoft.com.r..5..............lldrivers4devices.net.[..,p........."...consent.trustarc.V.@.)......... .....fpt2:...u.)......0*...get.adobe.L.2.#............(.............3.8..0."\.".recoveringlib.blogspo...].%.........'(..Y........(.(.windows--..-x046K.._.6......6@...ww.autoitscrip.t.|.)......!s$.....googl.....!8..........#.EO1..www..3.w.3......T......m......%.......f...........a..8.............T.........r...6.....%....m.#.......%...............E. .....java%..B......A)......;........b4.....VERSION.....1.Y._._.(.mr.persistA.8CloudProvider.I.].Q.7......{"c.#.Enabled":false,"notifiedHangoutsPrivacy. 8}D..IdentitySeraF..J.Q.S.6....(.{"signedIn.8l,"userEmail":null,"kioskAuth.# }9(.temp..z.SinkDisE..l.K.a..a;.$.~d.....d!!.ache":..$nks":{},"g...h.. },"manual...%.}Y.....F.Y.;.....Q.8>..LogManager.L.P.H........c.["[2021-08-18 12:11:4

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                                                                              MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                                                                              SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                                                                              SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                                                                              SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000002.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):334
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2442998832986625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:D7fOiyq2PCN23iKKdK8a2jMGIFu67fOf1ZmfD7fOJRkwOCN23iKKdK8a2jMnv:D7fryv15Kk8EFb7fcQ7fMR5e5Kk8Qv
                                                                                                                                                                                                                                                                                              MD5:589D4C2FF49D1C000153CEEC739E728C
                                                                                                                                                                                                                                                                                              SHA1:FE9F7711DED245A4282A67F8D89F51755133C4A7
                                                                                                                                                                                                                                                                                              SHA-256:8D734F2852B02609814893186A6F13F57CD95C13BBFE3E751348001659966823
                                                                                                                                                                                                                                                                                              SHA-512:07679C0D627CF21162220C9AB4F130FBB2C3CA9B53C5E094BCF43BB8D8DE53CE7B1E45F604B8F76D324C53283819C9DDFD81638C325019D6D22E2FE208FF19EC
                                                                                                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2024/05/26-08:44:33.696 1570 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000002.2024/05/26-08:44:33.697 1570 Recovering log #4.2024/05/26-08:44:33.697 1570 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000004.log .

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):334
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2442998832986625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:D7fOiyq2PCN23iKKdK8a2jMGIFu67fOf1ZmfD7fOJRkwOCN23iKKdK8a2jMnv:D7fryv15Kk8EFb7fcQ7fMR5e5Kk8Qv
                                                                                                                                                                                                                                                                                              MD5:589D4C2FF49D1C000153CEEC739E728C
                                                                                                                                                                                                                                                                                              SHA1:FE9F7711DED245A4282A67F8D89F51755133C4A7
                                                                                                                                                                                                                                                                                              SHA-256:8D734F2852B02609814893186A6F13F57CD95C13BBFE3E751348001659966823
                                                                                                                                                                                                                                                                                              SHA-512:07679C0D627CF21162220C9AB4F130FBB2C3CA9B53C5E094BCF43BB8D8DE53CE7B1E45F604B8F76D324C53283819C9DDFD81638C325019D6D22E2FE208FF19EC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2024/05/26-08:44:33.696 1570 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000002.2024/05/26-08:44:33.697 1570 Recovering log #4.2024/05/26-08:44:33.697 1570 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000004.log .

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old~RFb2c1b.TMP (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):334
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.2442998832986625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:D7fOiyq2PCN23iKKdK8a2jMGIFu67fOf1ZmfD7fOJRkwOCN23iKKdK8a2jMnv:D7fryv15Kk8EFb7fcQ7fMR5e5Kk8Qv
                                                                                                                                                                                                                                                                                              MD5:589D4C2FF49D1C000153CEEC739E728C
                                                                                                                                                                                                                                                                                              SHA1:FE9F7711DED245A4282A67F8D89F51755133C4A7
                                                                                                                                                                                                                                                                                              SHA-256:8D734F2852B02609814893186A6F13F57CD95C13BBFE3E751348001659966823
                                                                                                                                                                                                                                                                                              SHA-512:07679C0D627CF21162220C9AB4F130FBB2C3CA9B53C5E094BCF43BB8D8DE53CE7B1E45F604B8F76D324C53283819C9DDFD81638C325019D6D22E2FE208FF19EC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2024/05/26-08:44:33.696 1570 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000002.2024/05/26-08:44:33.697 1570 Recovering log #4.2024/05/26-08:44:33.697 1570 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000004.log .

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000002

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:MPEG-4 LOAS
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):189
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.219599070124853
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Ukk/vxQRDKIVJ/OxU0RhyeyRuWOKjb9stYerSL8TiGKYkWrAQyRuug6YGAWE:oO7JmxHAuKNeGL8hp78RuNGQ
                                                                                                                                                                                                                                                                                              MD5:F950682143EEAE3DB5113BACC9E4832A
                                                                                                                                                                                                                                                                                              SHA1:409F427B1845F640BAC39F6F2B8B1814DCCED20D
                                                                                                                                                                                                                                                                                              SHA-256:F0839EA773C351F1CDB7BF568CC5689C195690D94476CE7031F87F8F36C6267B
                                                                                                                                                                                                                                                                                              SHA-512:192FE81B56542BA72B0DD9898BCFB081914A8F4DAA42DA423326D9E98276E00E2368767035719594AB230AC7E455959D717DAC95924F9727D7AFAF681EB87A39
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:V........leveldb.BytewiseComparator_@...................@META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm.S......B_https://www.java.com..truste.eu.cookie.notice_preferences.H......

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000002.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                                                                              MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                                                                              SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                                                                              SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                                                                              SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000002.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.ldb

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):238
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.193060088380666
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:gxkllWDSLsOg00L3lbNrkX492QGXMFRAPgCTc8602jnJl5fllllkW/PsoctlkSRp:gillWOLsPZV5KU7BCQ8knJ/cWOXB0urt
                                                                                                                                                                                                                                                                                              MD5:D786EBFCC37067AC45A5A71BC924E085
                                                                                                                                                                                                                                                                                              SHA1:466CDFD22A69BBE022AC0B1DB6D186B7EDEC781B
                                                                                                                                                                                                                                                                                              SHA-256:51ED6E48073D803FFA6451FD92FD141E4CBB277E21CFD27639470736DD127410
                                                                                                                                                                                                                                                                                              SHA-512:1E1D21275E9EDA9556D3D71AC4FCD5786172F7927227E98300856213AA8FA6D1DF865EA45D34152F825A211F732F203FA9931630242296041D40A6F5815621DB
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..x.!.META:https://www.bing.com.....X........L...VERSION......1.5._N>.h..cib__firstTimeAccessed.....L.1691263998736...vsFB,....+2,.$40...........M..............`....................c.E@........................................W...$uG.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Qv:1qIFQv
                                                                                                                                                                                                                                                                                              MD5:9F36605EFBA98DAB15728FE8B5538AA0
                                                                                                                                                                                                                                                                                              SHA1:6A7CFF514AE159A59B70F27DDE52A3A5DD01B1C8
                                                                                                                                                                                                                                                                                              SHA-256:9C283F6E81028B9EB0760D918EE4BC0AA256ED3B926393C1734C760C4BD724FD
                                                                                                                                                                                                                                                                                              SHA-512:1893AA3D1ABCF7F9E83911468FA2EEB2AD1D7E23F4586BD6C4D76F9F96A645C15E63E44DA55700347165E97B6AC412E6D495B81C3DA9FAA61D617C7A71A7404C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000005.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000007.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Sv:1qIFSv
                                                                                                                                                                                                                                                                                              MD5:18E723571B00FB1694A3BAD6C78E4054
                                                                                                                                                                                                                                                                                              SHA1:AFCC0EF32D46FE59E0483F9A3C891D3034D12F32
                                                                                                                                                                                                                                                                                              SHA-256:8AF72F43857550B01EAB1019335772B367A17A9884A7A759FDF4FE6F272B90AA
                                                                                                                                                                                                                                                                                              SHA-512:43BB0AF7D3984012D2D67CA6B71F0201E5B948E6FE26A899641C4C6F066C59906D468DDF7F1DF5EA5FA33C2BC5EA8219C0F2C82E0A5C365AD7581B898A8859E2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000007.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000009.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//cv:1qIFcv
                                                                                                                                                                                                                                                                                              MD5:979C29C2917BED63CCF520ECE1D18CDA
                                                                                                                                                                                                                                                                                              SHA1:65CD81CDCE0BE04C74222B54D0881D3FDFE4736C
                                                                                                                                                                                                                                                                                              SHA-256:B3524365A633EE6D1FA9953638D2867946C515218C497A5EC2DBEF7DC44A7C53
                                                                                                                                                                                                                                                                                              SHA-512:E38F694FD6AB9F678AE156528230D7A8BFB7B59A13B227F59F9C38AB5617DB11EBB6BE1276323A905D09C4066A3FE820CF58077AB48BF201F3C467A98516EE7A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000009.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000011.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.375
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV/+2n:1qINn
                                                                                                                                                                                                                                                                                              MD5:6DE46ED1E4E3A2CA9CF0C6D2C5BB98CA
                                                                                                                                                                                                                                                                                              SHA1:E45E85D3D91D58698F749C321A822BCCCD2E5DF7
                                                                                                                                                                                                                                                                                              SHA-256:A197CC479C3BC03EF7B8D2B228F02A9BFC8C7CC6343719C5E26BEBC0CA4ECF06
                                                                                                                                                                                                                                                                                              SHA-512:710620A671C13935820ED0F3F78269F6975C05CF5F00542EBC855498AE9F12278DA85FEEF14774206753771A4C876AE11946F341BB6C4D72EBCD99D7CFF20DCD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000011.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000013.dbtmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV/+on:1qInn
                                                                                                                                                                                                                                                                                              MD5:A6813B63372959D9440379E29A2B2575
                                                                                                                                                                                                                                                                                              SHA1:394C17D11669E9CB7E2071422A2FD0C80E4CAB76
                                                                                                                                                                                                                                                                                              SHA-256:E6325E36F681074FCCD2B1371DBF6F4535A6630E5B95C9DDFF92C48EC11CE312
                                                                                                                                                                                                                                                                                              SHA-512:3215A0B16C833B46E6BE40FE8E3156E91EC0A5F5D570A5133B65C857237826053BF5D011DE1FCC4A13304D7D641BCBA931178F8B79EE163F97EB0DB08829E711
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000013.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:1sjgWIV//Xv:1qIF/
                                                                                                                                                                                                                                                                                              MD5:206702161F94C5CD39FADD03F4014D98
                                                                                                                                                                                                                                                                                              SHA1:BD8BFC144FB5326D21BD1531523D9FB50E1B600A
                                                                                                                                                                                                                                                                                              SHA-256:1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
                                                                                                                                                                                                                                                                                              SHA-512:0AF09F26941B11991C750D1A2B525C39A8970900E98CBA96FD1B55DBF93FEE79E18B8AAB258F48B4F7BDA40D059629BC7770D84371235CDB1352A4F17F80E145
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MANIFEST-000002.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):148
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.502284873784882
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:tR844neLGFZZmy/Xm54eW6VVVWpkSV8OvXm54eW6VVVWpkSWF2:F4neyZmyfmWJqVxSVdXmWJqVxSL
                                                                                                                                                                                                                                                                                              MD5:FDC2F7FA04F96AC937C940FE93D3B218
                                                                                                                                                                                                                                                                                              SHA1:CA2695938455C02671F1F52D76C5B4782CB944BF
                                                                                                                                                                                                                                                                                              SHA-256:A830CD486916A86DB56C847C0F952011860B06207718A6D349D9856F3CE6FB93
                                                                                                                                                                                                                                                                                              SHA-512:D658BA61137DF21B76A7EF6714FEC601C67DC09B256B1F804B995EA98A74CCB68241F32C7684874E6B5873DC00570FEEAC165400CCAB58367881AEABE4C94C14
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2024/06/02-19:34:34.000334 5bc Recovering log #12.2024/06/02-19:39:39.000359 5bc Delete type=0 #12.2024/06/02-19:39:39.000359 5bc Delete type=3 #11.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):148
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.502284873784882
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:tR844neLGFZZmy/Xm54eW6VVVWpkSV8OvXm54eW6VVVWpkSWF2:F4neyZmyfmWJqVxSVdXmWJqVxSL
                                                                                                                                                                                                                                                                                              MD5:FDC2F7FA04F96AC937C940FE93D3B218
                                                                                                                                                                                                                                                                                              SHA1:CA2695938455C02671F1F52D76C5B4782CB944BF
                                                                                                                                                                                                                                                                                              SHA-256:A830CD486916A86DB56C847C0F952011860B06207718A6D349D9856F3CE6FB93
                                                                                                                                                                                                                                                                                              SHA-512:D658BA61137DF21B76A7EF6714FEC601C67DC09B256B1F804B995EA98A74CCB68241F32C7684874E6B5873DC00570FEEAC165400CCAB58367881AEABE4C94C14
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:2024/06/02-19:34:34.000334 5bc Recovering log #12.2024/06/02-19:39:39.000359 5bc Delete type=0 #12.2024/06/02-19:39:39.000359 5bc Delete type=3 #11.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000002

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:MPEG-4 LOAS
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1482104722019235
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Ukk/vxQRDKIV027knhMXOgMWDSLsOlTVYrSLsn6awGwRAW//ln:oO7NihM0WOLssVYGLsbba1
                                                                                                                                                                                                                                                                                              MD5:2491A36676895FAEA27596A9D11949ED
                                                                                                                                                                                                                                                                                              SHA1:64C0B1811C4243629C6CD49D108DA4277455A0E9
                                                                                                                                                                                                                                                                                              SHA-256:B4A3661B349585EC11140C4C813FFC4FAB5656BA08906E8EB045C4283B9ADFA7
                                                                                                                                                                                                                                                                                              SHA-512:2E9A4B0698B469865FDF4E23AFAAF0FCCCBDDAB38AF5FA6DBC647651A000F709109038A8CAAB5393A5A14F129E132B68A739EAC692D14DB14BAA58323FA1C87C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:V........leveldb.BytewiseComparator.t..g...............!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed........

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000005

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.18678721732905
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:QsxQRDKIVgkBgMWDSLsOlTVYrSLsn6awGwRAW//lft5V:QX7gkDWOLssVYGLsbbar5V
                                                                                                                                                                                                                                                                                              MD5:DAE7D7F5B99FB922B6D6DEE12BB82D1E
                                                                                                                                                                                                                                                                                              SHA1:41CA3600BFCC73C6E4DB7B69914D4A05FDB26ABB
                                                                                                                                                                                                                                                                                              SHA-256:24F0BE844CCE8B09F0A5C69DBF07768F0D71DA188375143D2FE6BA51CA0671FB
                                                                                                                                                                                                                                                                                              SHA-512:6503CDBBE790C66363CA124688EA2A697B023378CF2F6C99C04DD94FEC0D97E845580560ADCD548EFEA6919DB17EA3244614C5B2314C2E19507C9BE2E46685A3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:j.Z.{....leveldb.BytewiseComparator.....!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed........;\f............

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000007

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.191993338033626
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:QsxQRDKIVgkBgMWDSLsOlTVYrSLsn6awGwRAW//lLFue8s3:QX7gkDWOLssVYGLsbbaPl3
                                                                                                                                                                                                                                                                                              MD5:EB6889482674F6DC003A40CC6E5A786B
                                                                                                                                                                                                                                                                                              SHA1:B94E8AB56501F0ECA2462CC780D6BF82557CD343
                                                                                                                                                                                                                                                                                              SHA-256:688D2EAA3E62ACB89275BD9B58C8E30996D39F78A196103720D36E4C5899B063
                                                                                                                                                                                                                                                                                              SHA-512:489C286120926F48092BACE0D766B557943EFFAB1CEFAD6E85A9BF75A177CFAF794A1A328A62505DAB03520ABCAFA4C831CAB1A98CB735E267BE0DA3108169B7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:j.Z.{....leveldb.BytewiseComparator.....!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed.......................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000009

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.219579544930178
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:QsxQRDKIVgkBgMWDSLsOlTVYrSLsn6awGwRAW//l/Yeh:QX7gkDWOLssVYGLsbba2eh
                                                                                                                                                                                                                                                                                              MD5:860588AF272FE8921266530595B18707
                                                                                                                                                                                                                                                                                              SHA1:FB9CDC6AA447E38BDBC6E5CD9BBA6DC791BF1448
                                                                                                                                                                                                                                                                                              SHA-256:EEB8482B13402BE900E71E9DF8AA7432BC5E0640EB0066E683CA52FC77D89FC2
                                                                                                                                                                                                                                                                                              SHA-512:55BDD0DA2529390A9C7D2559392899114118C171E358D666412B76D8693F5604073E4D41F6A428DB4E80DB1F38A7BACD931E5717AAEA614072331F8310E545F2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:j.Z.{....leveldb.BytewiseComparator.....!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed.......................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000011

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.175796679098475
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:QsxQRDKIVgkBgMWDSLsOlTVYrSLsn6awGwRAW//lWpEv:QX7gkDWOLssVYGLsbbaoEv
                                                                                                                                                                                                                                                                                              MD5:42025FF4F5C77E8BA6A5F5933BF08EB7
                                                                                                                                                                                                                                                                                              SHA1:5D3D8DEC72B7DD204B734B6EA144E01223045FD2
                                                                                                                                                                                                                                                                                              SHA-256:81D600B2297BABDAA92106A1DBB1DBBC331D0BBF0F2FD1312859DE5880F16A4C
                                                                                                                                                                                                                                                                                              SHA-512:E487E509B95F9108A34ED9DBC49E46E1D4A04D1B67241988C9EC3D1B8315D651D4F1A4030C76F5A5E3A366D6708B54ABBF285DD76CA06F7CFEC6237DC03A9811
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:j.Z.{....leveldb.BytewiseComparator.....!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed........ .w............

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000013

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):145
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.1971994587382015
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:QsxQRDKIVgkBgMWDSLsOlTVYrSLsn6awGwRAW//lXGPq3:QX7gkDWOLssVYGLsbbal3
                                                                                                                                                                                                                                                                                              MD5:0358E12B63F85F7FF2EBC5A53C4546F6
                                                                                                                                                                                                                                                                                              SHA1:86F03EC0517F4B18A2294C03F73FAE44B1750F62
                                                                                                                                                                                                                                                                                              SHA-256:05E289DBC3115ADE0552A9DA7D1DBE49D8FD5BBFAA33EB52D510B5298C2F81AB
                                                                                                                                                                                                                                                                                              SHA-512:8400BA43F50198E7301B102D640981F82D33C61359F83C9FD6D1B82B167B7FF6C7D80186D511C0020DB1999175901D977F634B64EA257602B87B27881C738195
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:j.Z.{....leveldb.BytewiseComparator.....!META:https://www.bing.com........7_https://www.bing.com..cib__vsFirstTimeAccessed........r.R............

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\46BKFKIN\8LRSBGOT.txt

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:Generic INItialization configuration [Common]
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1024
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.464580639000491
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:yUWbEwlrFWxvaSqeJVpgUKy8ir6hjaShslk:yxQwe5qeJrgUxOhHGlk
                                                                                                                                                                                                                                                                                              MD5:6BC4755C196922C50BEE767F34E1C30D
                                                                                                                                                                                                                                                                                              SHA1:E837084B7BB5CD54624F516C5DA82A8B1FD66446
                                                                                                                                                                                                                                                                                              SHA-256:01CC9DB1CFFCD47444C7C8C9530FE69876769318B9ECBF6610DF0C337EFB98C9
                                                                                                                                                                                                                                                                                              SHA-512:1C05C666D1C4150EDD4CCBCFEE93A704BB9C5B31096CC8A55FA9A41C718538760D69C2BC24301AC5A4E341CB52FFFB406295B05EF56102DE45A6EF8510BC4901
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[Encrypt]..ABTestingNames=HealthCheckNF..CCPOC=DISABLED..DTNP=1200..DUNP=900..[Common]..AlphaIntegration=1..AlphaMigration=1..AU2=1..CCNU=0..DriverScanInterval=7..DriverUpdater=1..DriverUpdaterVersion=1..DumpReporting=1..DUSkipOnboarding=0..HCSkipAdvanced=0..HealthCheck=1..HealthCheckIpm=1..HealthCheckNF=1..HealthCheckVersion=1..HideRegistry=1..NotificationCentre=1..OPSWATSoftwareUpdater=1..OPSWATSoftwareUpdaterHC=1..PC=0..PE=1..PENP=27..PerformanceOptimizerVersion=1..POSkipOnboarding=0..PrivacyPolicyDate=2022-07-14..QuickCleanIpm=1..REU=90..ShowOffers3rdParty=1..SoftwareUpdater=1..SoftwareUpdaterIpm=1..SPERDI=8..SRDI=8..SUExclusions=tp41,tp308,tp458,tp756,tp848,tp3029,tp3031,tp3087,tp3103,tp3149,tp3197,tp3326,tp3364,tp3596,tp3648,tp3660,tp3676,tp3701,tp3716..Survey-Uninstall=false..TrialOnboarding=1..UpgradeButtonAppearance=1..WelcomeScreen=0..[Signature]..Signature=ASWSig2A3034A5A1F5E6B2AF5D13D1316624949896B3EC73ACB9C5AEE0CEE78100E01F18400FD55E3D5D1044146DE8AB578442EDEA4E22F929EBA557

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\7LE4YNMI\62EO1T2P.txt

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Generic INItialization configuration [Common]
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1024
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.464580639000491
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:yUWbEwlrFWxvaSqeJVpgUKy8ir6hjaShslk:yxQwe5qeJrgUxOhHGlk
                                                                                                                                                                                                                                                                                              MD5:6BC4755C196922C50BEE767F34E1C30D
                                                                                                                                                                                                                                                                                              SHA1:E837084B7BB5CD54624F516C5DA82A8B1FD66446
                                                                                                                                                                                                                                                                                              SHA-256:01CC9DB1CFFCD47444C7C8C9530FE69876769318B9ECBF6610DF0C337EFB98C9
                                                                                                                                                                                                                                                                                              SHA-512:1C05C666D1C4150EDD4CCBCFEE93A704BB9C5B31096CC8A55FA9A41C718538760D69C2BC24301AC5A4E341CB52FFFB406295B05EF56102DE45A6EF8510BC4901
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[Encrypt]..ABTestingNames=HealthCheckNF..CCPOC=DISABLED..DTNP=1200..DUNP=900..[Common]..AlphaIntegration=1..AlphaMigration=1..AU2=1..CCNU=0..DriverScanInterval=7..DriverUpdater=1..DriverUpdaterVersion=1..DumpReporting=1..DUSkipOnboarding=0..HCSkipAdvanced=0..HealthCheck=1..HealthCheckIpm=1..HealthCheckNF=1..HealthCheckVersion=1..HideRegistry=1..NotificationCentre=1..OPSWATSoftwareUpdater=1..OPSWATSoftwareUpdaterHC=1..PC=0..PE=1..PENP=27..PerformanceOptimizerVersion=1..POSkipOnboarding=0..PrivacyPolicyDate=2022-07-14..QuickCleanIpm=1..REU=90..ShowOffers3rdParty=1..SoftwareUpdater=1..SoftwareUpdaterIpm=1..SPERDI=8..SRDI=8..SUExclusions=tp41,tp308,tp458,tp756,tp848,tp3029,tp3031,tp3087,tp3103,tp3149,tp3197,tp3326,tp3364,tp3596,tp3648,tp3660,tp3676,tp3701,tp3716..Survey-Uninstall=false..TrialOnboarding=1..UpgradeButtonAppearance=1..WelcomeScreen=0..[Signature]..Signature=ASWSig2A3034A5A1F5E6B2AF5D13D1316624949896B3EC73ACB9C5AEE0CEE78100E01F18400FD55E3D5D1044146DE8AB578442EDEA4E22F929EBA557

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B0ZBZFKQ\info[1].json

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:JSON data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):364
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.910411562586484
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:YMKUcns7XK4d+2pHMAaNmXHNA8R3b5AW+1ChmzUM29f9UppXcfAnMvDEL1nlUppt:YZrI6++2pHMAaNmTR3h+imQM29fSCDiu
                                                                                                                                                                                                                                                                                              MD5:2FA5359DFEF2DE3B27217C0074DB0CC8
                                                                                                                                                                                                                                                                                              SHA1:763F73A17BB895B403B91E02BF023081D90EA96D
                                                                                                                                                                                                                                                                                              SHA-256:764C80AB3904378EE0DF01C389A8B504EF3F8818404A07BE831C124959C5E7B1
                                                                                                                                                                                                                                                                                              SHA-512:3D3E7FF3FCDED4C978EA4ADBED066FC97632262E6609FE31DFE56759D1113435601F2CD5A1FF55DB047E0CBBE93A0A8C819301F10B1B5B9D39E9779D3ED66B09
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:{"ip":"102.165.48.88","continent":"North America","continentCode":"NA","country":"US","countryName":"United States","subdivisions":["DC"],"city":"Washington","timezone":"America/New_York","latitude":38.894,"longitude":-77.0365,"isp":"Cogent Communications","asnNumber":174,"asnOrganization":"COGENT-174","organization":"Cogent Communications","postalCode":"56972"}

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\L2D128LW\app_cc_pro_trialkey[1]

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):24
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8035088547976788
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:xoSrzIObn:xhjbn
                                                                                                                                                                                                                                                                                              MD5:4ACA4C7925AEEE3811270ADC068F1D94
                                                                                                                                                                                                                                                                                              SHA1:9B5F502C4F8FD9DDC7C3DC46C60E8295A5FD46CE
                                                                                                                                                                                                                                                                                              SHA-256:07D064338089968431DCC1FE0E7731E9234B2E34CE5D41E86EA39E856779041C
                                                                                                                                                                                                                                                                                              SHA-512:159D5FB689CF6AD99F8DC4BD62262552530AD57B273E54BEBC451D8CAB2F46206C56C898E8FB84AC4FEAC377B40F1E2CACE6DCD680BA515633B8C9F6AE860EC5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:CJ9T-J7CU-SPNV-GWMB-WBEC

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.chk

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):8192
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.4019794637543155
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:Otgr0dnoNCN23oH+H1HNCN23oH+H1ptTlGtgr0dnoNCN23oH+H1HNCN23oH+H1pf:OigOvYeVHvYeVPlGigOvYeVHvYeVPl
                                                                                                                                                                                                                                                                                              MD5:4A96E32750A01350D618173DA171DAF6
                                                                                                                                                                                                                                                                                              SHA1:27F11E53B564429CF0C27F45B837DCD7C7E2ACF3
                                                                                                                                                                                                                                                                                              SHA-256:21542AF7FE7803D10823AC1FC67142BDBB6EC6B90A1C588FBB2FEC464144CED0
                                                                                                                                                                                                                                                                                              SHA-512:EE5FE62FC672342871621CFD4093690EE8C5E1ACF923DDF85A8FC45DAAFD7056F9973BE63562CE27AC74324888B9B52B7A7552A80A82B0D7D7DA1D861D731044
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.+.K............A.....Be ....y7.................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\.................................................................................................................................................................................................................,...@.......~.........5w.....................................................A...........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\V01.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):524288
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0775605412194598
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:96:USLNLGNL0bwTNLWXNL3AeyJ6NLHNLHs1NLINL:US5WjWLhys5kY
                                                                                                                                                                                                                                                                                              MD5:4F6B83858895927B55F396F13A4EBCC6
                                                                                                                                                                                                                                                                                              SHA1:41BC478DCF2DB38B99706E60920093890F798439
                                                                                                                                                                                                                                                                                              SHA-256:65E8235404D37955E94A4C0B55F8FFAA944B8F75F7FF0FFA245BE7957AC7810A
                                                                                                                                                                                                                                                                                              SHA-512:30ACF1D246F9FAEE5AAB3BDCA6DA71AC7E9B4EEFC287C29A5FD228AA0345737E3759F8DBD56269C4BE317CD030C8447F2B5CE7D7D8864B563861B84829F20E49
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:....A................|a..!...|..........<.....Be ....y7.................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\............................................................................................................................................................................................................C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\.............................................................................................................................................................................................................0u...............................................=.............{.{.#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:Extensible storage engine DataBase, version 0x620, checksum 0x24badd07, page size 32768, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):41943040
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.3308331740419634
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24576:+LzECgrP8+64dtPCfY9MkLvNiCm3HgmV6PDQgGEsg9jofSg/Jm7bpKu2C0lfoBg:lrP8M8fY9lhvPDQgGfVu2
                                                                                                                                                                                                                                                                                              MD5:ABDD0A3441EE6F313E310E205410B94F
                                                                                                                                                                                                                                                                                              SHA1:3BE031ABE7B1082BF31C8940F62C18776D1D884F
                                                                                                                                                                                                                                                                                              SHA-256:9EE9837F824FFCED2D1521E668DC61F162BD891FD1532E7A9C647C7697539473
                                                                                                                                                                                                                                                                                              SHA-512:FACE49B86DD864F87C924926713220D4300775FFA596FF330B3560047BDD0CA6132DC2BD6447208F3F94BF01FD62F1C9FA62B5BAC6C9B5CC2B594E216E60BA60
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:$...... ....................*...y......................6...A....8...|..+....|..h...A.........................Be ....y7.........................................................................................................bJ......n...............................................................A...A....................................... ............|a.............................................................A...........................................................................................................................N...:....y!.................................n...+....|.J................J.y.+....|..................A........#......h...A...................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.jfm

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):16384
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.21186626997221628
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:6:qnG2LLXTDeoZx5CYKGE26Zlltltpy+091cGucKMlKRlCm7MEWtDnQ:BEzX1bGZ/tltpyj91wfR0mxZ
                                                                                                                                                                                                                                                                                              MD5:BE167A3C19C7F4AF7917408F9001ACFB
                                                                                                                                                                                                                                                                                              SHA1:CEB7D912CF3F5252C3C35A2D2A6B48D6FAEFACB5
                                                                                                                                                                                                                                                                                              SHA-256:565292F76F1A213BDB04865B77BCC6BB0349CFDE36205B0535134EB0FDEA1728
                                                                                                                                                                                                                                                                                              SHA-512:62FE0FAB808B3369DD8BC7DC2E23978E9F262FBBAB5A78EA2636770300BC984688CDEDDC25FF29BF310DD480A4F47826A1967B00E94BCDE41D59868DF8E62A39
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:(.U......................................*...y..+....|...8...|..A....... 7...|..17...|....q..8...|.N................J.y.+....|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\6358C710-B89F-46B9-93F2-F6CAC44F5286

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1128
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8711548759763463
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:24:V98uC1TFmO6IALlwfasJ1KF+II29l/d45H6keEOFlwMASKQlsM6aSDjoUuTE:V98ukYhL+fa6KFLd45yemLlyfDcE
                                                                                                                                                                                                                                                                                              MD5:69E72CC0D9EC2A6A5DC511BAB73112DE
                                                                                                                                                                                                                                                                                              SHA1:80FFD5A2E34F21B61FB8D7B43A40D7CA964F3317
                                                                                                                                                                                                                                                                                              SHA-256:7644AEE56F39A8E2BF9D030E55235258B89081266FD91A2EF4E17AC499397CD8
                                                                                                                                                                                                                                                                                              SHA-512:7B0E1EEF90F8088FB671787D56D863B2EB505930922B17E1D4F20236EA4C380C51CD3898C6A648FD0A95D00F26B458A72167D8A489A87D5974471E16BC7C743A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.4.2.0.x.p.8.u.f.k.e.Y.e.8.q.y.1.e.j.6.N.A.Q.A.A.A.A.C.A.A.A.A.A.A.A.Q.Z.g.A.A.A.A.E.A.A.C.A.A.A.A.A.I.m.H.c.8.A.N.G.h.E.b.X.i.4.6.K.e.D.j.M.N.I.y.M.+.o.u.U.+.1.r.H.i.Y.d.G.Z.8.2.A.5.G.w.A.A.A.A.A.O.g.A.A.A.A.A.I.A.A.C.A.A.A.A.D.o.5.Z.Y.z.L.T.P.S.o.K.4.C.f.5.g.V.2.b.J.G.N.2.9.V.M.6.y.D.A.k.O.Z.C.M.P.G.Z.L.G.H.c.d.A.A.A.A.C.V.D.6.I.2.S.z.k.L.+.U.E.1.v.i.7.7.a.o.B.9.b.E.C.i.6.8.a.V.K.F.Y.8.F.m.h.x.A.i.c.m.U.A.A.f.f.Q.l.s.X.D.o.C.x.j.2.T.x.U.t.s.8.E.v.1.S.0.1.7.n.R.l.c.K.I.z.c.M.b.L.W.+.v.3.n.t.d.6.D.S.m.s.V.j.W.n.F.K.d.C.2.8.p.p.Q.f.N.O.O.I.T.t.F.M.V.o.E.p.o.A.+.w.g.g.m.D./.M.H.L.q.H.O.w.r.X.0.Z.J.g.2.A.C.E.s.T.q.g.y.Z.u.1.y.I.L.f.b.o.8.P.u.L.g.L.l.E.i.1.g.N.x.9.J.M.a.s.h.m.c.L.T.9.7.B.0.j.M.B.F.A.2.S.N.s.8.L.b.b.C.M.F.s.m./.C.9.u.l.K.h.O.5.O.p./.N.a.w.R.E.C.O.X.N.h.J.t.O.N.T.r.I.W.f.7.9.l.6.3.G.X.t.v.y.O.a.l.h.u.F.w.3.V.I.F.c.g.k.G.r.U.s.e.p.9.i.m.L.8.J.O.l.5.z.6.s.0.Q.A.A.A.A.M.E.v.R.S.I.G.n.a.9.B.7.g.E.I.C.Z.S.f.8./.v.W.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\CheckUpdate.log

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:U:U
                                                                                                                                                                                                                                                                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                                                                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                                                                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                                                                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:1

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.796569531114783
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:flnI9HQ0zyzl8flrxZXql:KFQmNK
                                                                                                                                                                                                                                                                                              MD5:5037584550D192DE01F0E68DA378DD32
                                                                                                                                                                                                                                                                                              SHA1:43225D5D79A97352AD92A3576A284D0C12E41619
                                                                                                                                                                                                                                                                                              SHA-256:216FEDF261C8739E1F442D950C2610B2EC0573875BDCBEAD23925009F31FF384
                                                                                                                                                                                                                                                                                              SHA-512:AD8C1AD228AA4BD54562A92E45945EDFB2667DE7A14D35C18E7A83C31CFEBC8DFC0427D50984229F873751D3482E144E2881C58E36D4BDBA47AB9EE8E2429D6F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:6.D.8.B.7.B.B.5.C.D.3.B.7.1.8.4.0.1.0.B.E.4.5.B.5.1.F.2.8.5.6.F.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):72
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.7970589458155923
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:2l9HUASlSKLYIRrnTlchiHuXlFHlilnn:CSASIK5JGAQlHGn
                                                                                                                                                                                                                                                                                              MD5:B7F40A497C2413868C01FDF958901149
                                                                                                                                                                                                                                                                                              SHA1:432DAE901762D90425399D69B1A9A47D513D9D3C
                                                                                                                                                                                                                                                                                              SHA-256:5D350B0B2DE90B8A8B665EFC547C3B2BAC827082679E64EFAE35BA0F646002F2
                                                                                                                                                                                                                                                                                              SHA-512:36B750AFC60C53C648435B415F468CB1F7D550E093B2504F3616002413D6A3A93C97B4A225837BEE702745F03E34008AC19844424A1F04943951A3168C842958
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:e.6.6.6.8.c.4.9.-.7.5.4.7.-.4.b.4.b.-.8.c.9.4.-.e.3.b.e.a.3.b.b.e.d.f.8.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bjlbf4he.bgw.psm1

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:modified
                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hw5sww41.tyw.ps1

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\asw 1b3fb021332e14d.tmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.9889227488523016
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:CUdrllHh/:HJ/
                                                                                                                                                                                                                                                                                              MD5:28D6814F309EA289F847C69CF91194C6
                                                                                                                                                                                                                                                                                              SHA1:0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
                                                                                                                                                                                                                                                                                              SHA-256:8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
                                                                                                                                                                                                                                                                                              SHA-512:1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:GIF89a.............,...........D..;

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\asw8b22e044174de44d.tmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.9889227488523016
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:CUdrllHh/:HJ/
                                                                                                                                                                                                                                                                                              MD5:28D6814F309EA289F847C69CF91194C6
                                                                                                                                                                                                                                                                                              SHA1:0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
                                                                                                                                                                                                                                                                                              SHA-256:8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
                                                                                                                                                                                                                                                                                              SHA-512:1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:GIF89a.............,...........D..;

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\aswb5f240dfc31fac0b.tmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):35
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.9889227488523016
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3:CUdrllHh/:HJ/
                                                                                                                                                                                                                                                                                              MD5:28D6814F309EA289F847C69CF91194C6
                                                                                                                                                                                                                                                                                              SHA1:0F4E929DD5BB2564F7AB9C76338E04E292A42ACE
                                                                                                                                                                                                                                                                                              SHA-256:8337212354871836E6763A41E615916C89BAC5B3F1F0ADF60BA43C7C806E1015
                                                                                                                                                                                                                                                                                              SHA-512:1D68B92E8D822FE82DC7563EDD7B37F3418A02A89F1A9F0454CCA664C2FC2565235E0D85540FF9BE0B20175BE3F5B7B4EAE1175067465D5CCA13486AAB4C582C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:GIF89a.............,...........D..;

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nsd9394.tmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):238267488
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.893371969898291
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:3145728:0Vmq7rJ3Y4NPSA5GjL4ileyzhbkCIDq5DjRhLKJLuWMAVSyY:0X7a4BJmrh5DjRhLKE1AUyY
                                                                                                                                                                                                                                                                                              MD5:542B89E79FADC8836038AEF1D7F9B8E2
                                                                                                                                                                                                                                                                                              SHA1:B05F667D2557F93E7F8951465B74F0DD1512AD96
                                                                                                                                                                                                                                                                                              SHA-256:580F78F62ED56880879CFF1C569E308D736A7F8B0DDE2AAB861D8D4E3656B879
                                                                                                                                                                                                                                                                                              SHA-512:D78EB53FC73BF1631355DA13DD346FD9B601FC95EE2A320AE1CC0963724E92612C4048755CA16D8F81C31A7288EBB0514D686FD4C79B5938FC11E8C6CBB92043
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:........,................B... ..h...........<...............................]...........................b.......6...............................................................................................................................................................................................j...............................................................................................................................................................................................t$..........j........:..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ButtonEvent.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):5120
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.070048832652426
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:C24568A3B0D7C8D7761E684EB77252B5
                                                                                                                                                                                                                                                                                              SHA1:66DB7F147CBC2309D8D78FDCE54660041ACBC60D
                                                                                                                                                                                                                                                                                              SHA-256:E2DA6D8B73B5954D58BAA89A949AACECE0527DFB940CA130AC6D3FD992D0909D
                                                                                                                                                                                                                                                                                              SHA-512:5D43E4C838FD7F4C6A4AB6CC6D63E0F81D765D9CA33D9278D082C4F75F9416907DF10B003E10EDC1B5EF39535F722D8DBFAB114775AC67DA7F9390DCC2B4B443
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................Q..............A.......i.......Y.......X......._.....Rich....................PE..L....*.M...........!......................... ...............................`............@..........................!......\ ..<....@.......................P....................................................... ..4............................text...:........................... ..`.rdata....... ......................@..@.data...l....0......................@....rsrc........@......................@..@.reloc..2....P......................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\INetC.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):24064
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.321814815133819
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7760DAF1B6A7F13F06B25B5A09137CA1
                                                                                                                                                                                                                                                                                              SHA1:CC5A98EA3AA582DE5428C819731E1FAECCFCF33A
                                                                                                                                                                                                                                                                                              SHA-256:5233110ED8E95A4A1042F57D9B2DC72BC253E8CB5282437637A51E4E9FCB9079
                                                                                                                                                                                                                                                                                              SHA-512:D038BEA292FFA2F2F44C85305350645D504BE5C45A9D1B30DB6D9708BFAC27E2FF1E41A76C844D9231D465F31D502A5313DFDED6309326D6DFBE30E51A76FDB5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........G.G.G.G.^.%...C.....F.(.C.(.D.G...A..F...F....F.RichG.........................PE..L...7M.N...........!.....,...8......A;.......@.......................................................................I..l....A..x....p...............................................................................@...............................text....+.......,.................. ..`.rdata.......@.......0..............@..@.data........P.......<..............@....rsrc........p.......P..............@..@.reloc...............V..............@..B................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\System.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):12288
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.814115788739565
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                                                                                                                              SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                                                                                                                              SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                                                                                                                              SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....Oa...........!....."...........*.......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text.... .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\UserInfo.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4096
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.3422620069068625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:2F69AFA9D17A5245EC9B5BB03D56F63C
                                                                                                                                                                                                                                                                                              SHA1:E0A133222136B3D4783E965513A690C23826AEC9
                                                                                                                                                                                                                                                                                              SHA-256:E54989D2B83E7282D0BEC56B098635146AAB5D5A283F1F89486816851EF885A0
                                                                                                                                                                                                                                                                                              SHA-512:BFD4AF50E41EBC56E30355C722C2A55540A5BBDDB68F1522EF7AABFE4F5F2A20E87FA9677EE3CDB3C0BF5BD3988B89D1224D32C9F23342A16E46C542D8DC0926
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L...!.Oa...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\a\asdk.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1098648
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.667490399491581
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:E3F60A2CF6B1D155F5F7D17615907013
                                                                                                                                                                                                                                                                                              SHA1:8191871854DCBCC4FE34218040215581B0FCCF43
                                                                                                                                                                                                                                                                                              SHA-256:74FCD2367FB1D9C0084547EBAF1C6DB081946453A5D0A2D668D83D3C489A60A9
                                                                                                                                                                                                                                                                                              SHA-512:20A57A1D2CE3D081958B4B3B48F1C902039F26DD28ABCAC94FAD6F20E8E5D630BBFD2365EB7200F7C8D676C593CB3DC465A406E8536ABDF63BD7EF76BB86DF2B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................@...........!..L.!This program cannot be run in DOS mode....$.........cH.............l.........................................................................K....................i...v...i......i............i......Rich...................PE..L...Z.hc...........!.....:..........p........P......................................'9....@A............................H............0..p...........H...P)...@..H.......................................@............P...............................text...Z9.......:.................. ..`.rdata.......P.......>..............@..@.data... .... ......................@....rsrc...p....0......................@..@.reloc..H....@......................@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\g\gcapi_dll.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):356864
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.662745889899097
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:2973AF8515EFFD0A3BFC7A43B03B3FCC
                                                                                                                                                                                                                                                                                              SHA1:4209CDED0CAAC7C5CB07BCB29F1EE0DC5AC211EE
                                                                                                                                                                                                                                                                                              SHA-256:D0E4581210A22135CE5DEB47D9DF4D636A94B3813E0649AAB84822C9F08AF2A0
                                                                                                                                                                                                                                                                                              SHA-512:B6F9653142EC00B2E0A5045F0F2C7BA5DBBDA8EF39EDF14C80A24ECAB3C41F081EB466994AAF0879AC96B201BA5C02D478275710E4D08B3DEBC739063D177F7E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..e7.67.67.6q.x65.6._m65.6.c^66.6:.x6..6:.F6..6:.y6..6J.|6..6._v6,.67.6..6J.x6..6J.E66.6:.B66.67..66.6J.G66.6Rich7.6................PE..L.....5W.........."!.....J...X...............`............................................@.........................0#.......$...................................-...c..................................@............`......t"..@....................text....I.......J.................. ..`.rdata.......`.......N..............@..@.data....L...@......."..............@....tls.................<..............@....rsrc................>..............@..@.reloc...-...........D..............@..B........................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\modern-header.bmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 150 x 57 x 24, image size 25764, resolution 3780 x 3780 px/m, cbSize 25818, bits offset 54
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):25818
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.1555809525391862
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:079CB79B69190FFB3A584A7344E34197
                                                                                                                                                                                                                                                                                              SHA1:35A450167CD54BEAF5D50BD85E00858A6684C724
                                                                                                                                                                                                                                                                                              SHA-256:AB3DEA92A333E89F41BB310D5B5D5A52B80D2AEDF78B0516F2B1A6A9AF69B222
                                                                                                                                                                                                                                                                                              SHA-512:CBCD40BB163BC51DF0E42A2CE3565848734B8FD6065592CB90270182B7473ECBA71D0623505CA2C5654C9D65E16394AC55919D4018BBEFE0CB72489579593E18
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:BM.d......6...(.......9............d....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\modern-wizard.bmp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 3780 x 3780 px/m, cbSize 154542, bits offset 54
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):154542
                                                                                                                                                                                                                                                                                              Entropy (8bit):1.8895357436613915
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8BD95FBD159E00B9823FE8D60CCF9B50
                                                                                                                                                                                                                                                                                              SHA1:C55E1A485062EFCAE2AC4D4AA43172A0D8DC9413
                                                                                                                                                                                                                                                                                              SHA-256:6EF238FAFC028BA028EACBFF28BCC670CD7213DF9318F99F619AC3E2988D16F3
                                                                                                                                                                                                                                                                                              SHA-512:1BBF9D41D3180CFDDB99E300142B619DDBC225A099A43E8755AECB44000A4248A7606D04BBEA3C1E65143FC488C40D30FCF9BDD418174BD821247B932977F86F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:BM.[......6...(.......:...........x[....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsDialogs.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):9728
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.158136237602734
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                                                                                                                                                              SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                                                                                                                                                              SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                                                                                                                                                              SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......|..c8O`08O`08O`08Oa0.O`0.@=05O`0llP0=O`0.If09O`0.od09O`0Rich8O`0........PE..L.....Oa...........!.........0......g........0............................................@..........................6..k....0.......p...............................................................................0...............................text............................... ..`.rdata..{....0......................@..@.data...h!...@......................@....rsrc........p....... ..............@..@.reloc..~............"..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\nsProcess.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):4608
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.703695912299512
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:F0438A894F3A7E01A4AAE8D1B5DD0289
                                                                                                                                                                                                                                                                                              SHA1:B058E3FCFB7B550041DA16BF10D8837024C38BF6
                                                                                                                                                                                                                                                                                              SHA-256:30C6C3DD3CC7FCEA6E6081CE821ADC7B2888542DAE30BF00E881C0A105EB4D11
                                                                                                                                                                                                                                                                                              SHA-512:F91FCEA19CBDDF8086AFFCB63FE599DC2B36351FC81AC144F58A80A524043DDEAA3943F36C86EBAE45DD82E8FAF622EA7B7C9B776E74C54B93DF2963CFE66CC7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........s.I...I...I...n}f.L...I...P...@..K...@..H...@..H...RichI...........................PE..L...\..N...........!......................... ...............................`.......................................#....... ..<....@.......................P..|.................................................... ..d............................text............................... ..`.rdata....... ......................@..@.data... ....0......................@....rsrc........@......................@..@.reloc.......P......................@..B................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\ServiceUninstaller.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):509424
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.731421785316144
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:3053907A25371C3ED0C5447D9862B594
                                                                                                                                                                                                                                                                                              SHA1:F39F0363886BB06CB1C427DB983BD6DA44C01194
                                                                                                                                                                                                                                                                                              SHA-256:0B78D56ACEEFB4FF259660BD55BBB497CE29A5D60206B5D19D05E1442829E495
                                                                                                                                                                                                                                                                                              SHA-512:226530658B3E1530F93285962E6B97D61F54039C1BBFCBC5EC27E9BA1489864AECD2D5B58577C8A9D7B25595A03AA35EE97CC7E33E026A89CBF5D470AA65C3E8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j.v#...p...p...p:..q#..p:..q...p:..q6..p|..q>..p|..q9..p|..qg..p:..q)..p'..p,..p...p...px..q'..px..q/..px..p/..p..p/..px..q/..pRich...p........PE..L..."-.b...........!................................................................Yy....@A.........................+.......,..P.......h................)......DB......T...............................@............................................text...:........................... ..`.rdata.............................@..@.data....6...@...(...*..............@....rsrc...h............R..............@..@.reloc..DB.......D...X..............@..B........................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\p\pfBL.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):14075192
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.804717220680649
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:DD7852F725E2441E2AF38AC16793E556
                                                                                                                                                                                                                                                                                              SHA1:076454588E78AD5100B152E943251ECCA8BBCB70
                                                                                                                                                                                                                                                                                              SHA-256:0D52794A670391B7BC804EC5140F4A114910C22BF5676EAD321388F31907EF94
                                                                                                                                                                                                                                                                                              SHA-512:9EE71F85AEB2615290BC42E9E9FBC215832EF37CEEF6CF5D0C5A213E35113DA2D99FA6A6C1384DE6179641A5D03F08ED81932F6AFDFE18EFDDD451E405E2D323
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...................................p...........!..L.!This program cannot be run in DOS mode....$.......................Z...n......uu)....uu.....uu.....uu....................(......u......}......d......-.........7...G..........................(...Gv..4...Gv.....Gv+.....C....Gv.....Rich............................PE..L...6.'f...........!...'......B............. ............................... ......n.....@A........................ .........0.......................8)...........G..T...................@H.......G..@............ ..<............................text............................... ..`.rdata...*.. ....*.................@..@.data...0.......<.................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\pfUI.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):19036984
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.717493912347977
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7E36940483A62F7E3BDD30D95EF37B93
                                                                                                                                                                                                                                                                                              SHA1:5E5624AFD2170A8F32FBC52BC296CAF4A16E211D
                                                                                                                                                                                                                                                                                              SHA-256:A639F28EB67410B9D685FF7EB564EB8C1A45F1116A6C520321510C8C6EB89923
                                                                                                                                                                                                                                                                                              SHA-512:32D12FB13FED59B7801F32A2D65CC54739E99F289398FA62BDF3E952C5C3561819C8D75B35BF2F127967585C11A272A633470CA7325B16C06453D4F06EDED663
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........................F...m.....v.u.....v.......v.......v......................+.......v.....................p.....v.....~.....g...............4.................................D.......D.......D.w.............D.......Rich....................PE..L.....'f...........!...'....................................................C......."...@A........................p...........l....................R".8)....8.........T...................@...........@...........................................text.............................. ..`.rdata...T3.....V3.................@..@.data...p.0..0...F..................@....rsrc................V..............@..@.reloc........8......P..............@..B........................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\CC_Logo_40x96.png

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PNG image data, 40 x 37, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):2917
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.919668479594029
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:D32B0460183056D3056D6DB89C992B88
                                                                                                                                                                                                                                                                                              SHA1:79823E151B3438AB8D273A6B4A3D56A9571379B4
                                                                                                                                                                                                                                                                                              SHA-256:B013039E32D2F8E54CFEBDBFDABC25F21AA0BBE9EF26A2A5319A20024961E9A7
                                                                                                                                                                                                                                                                                              SHA-512:3AD36F9D4015F2D3D5BC15EAC221A0ECEF3FCB1EF4C3C87B97B3413A66FAA445869E054F7252CC233CD2BF8F1AA75CB3351D2C70C8121F4850B3DB29951BC817
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.PNG........IHDR...(...%.....0`......sRGB.........IDATX..Xil\..=o..3....1.q"b.,.HS.R...J.EE.*Z.K.R...Z.*..."~..?*U.PK.....KH..(aQ.g..N....>o.....8..8f..;.-w9.|.}Z.....dN>.7..W,.wl@.a4.a.."..F8....E.\...*.<......B...f[0....pu..f ....`v^.h.F4..Pc..3..e0.p.r/..ox.f. ...N .a....%....).6-....<.S...Z...).......|....3.L..w._..,.0b1 ..f..F4.....f.... ..>..:..#..+.V,.....h.......0~ ............q.3):...#_...x/......p.WF+.w@.T.Qy.......BO'.zj'......Qj..+3o...?Dxb.."\...U.$.......`.E.)...i8.X..Yc<...6.L.......).Ri....8..]L.r'..".$....d...."L...o....Lc[$...\.3.l.v.V.l.d........ZU ...<q...z.a...+PuV(Z..[..F.z..../E')r..E.5...lN=..9....(.~.G~.....z...<M.;].7.@.$7*,.E}d.8..6b49.UF...)X.K@.......V .....f........2.......8.G.&.r....y..&...t..;#.X.W......5...l.z.G.:+Wc.7....pQ+v.%d.{.aM#..k.H...W.....(^[..'.^.p.u.I.p.B...F=..T..FguO..g.....?.1Z.w../.0=.....4*.l^....;..5..............*.u7~...e..jv...#........f..f ..z(......X.......dP....#.w'....?D}2.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\CC_logo_72x66.png

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PNG image data, 72 x 66, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):7486
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.964739649140705
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:A736159759A56C29575E49CB2A51F2B3
                                                                                                                                                                                                                                                                                              SHA1:B1594BBCA4358886D25C3A1BC662D87C913318CB
                                                                                                                                                                                                                                                                                              SHA-256:58E75DE1789C90333DAAF93176194D2A3D64F2EECDF57A4B9384A229E81F874F
                                                                                                                                                                                                                                                                                              SHA-512:4DA523A36375B37FA7BC4B4CCF7C93E1DF7B2DA15152EDF7D419927AA1BB271EF8BA27FE734D2F623FCC02B47319E75333DF014BED01EB466E0CD9EC4111EF53
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.PNG........IHDR...H...B......v.!....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..\..\U.>.........N.... .;.Yd..DP.ap..q@d..qp\>..AEP6..E.(.a...hX...Y:K..N.....9wyU.p...q:y]...........5...s..3..[.....FC.D....8-.!(.......E.v....d_....,H6........kXf.i.S)12......P...G<....p(...~......]...=.......>yR.T.T..[.5.0M...&%`.&bB.......o....8.@..}.....+.^..+..(..?v......?.@..b|...klJ~..y..p.q.....p..(>.?0,0 .Fp!..l.<8...........S.(?.d._......{....}.k.........'5..W..g&S.aY...X...gk.....,I...>...M....e.....<......4B6E@.$. ..`y>.....cE..-=..~.cdd....c...N^S..?.J.-..."m."@.>..S4/.H....(..j=.>.8.F6v.t..7...5.. .Z..2.).i...x. X.@.........f.X...u......y.../...cs..h.6M.1a...1.%D\).....R..Sp"...X.t"...ws..^..x3~.....8Q...... .d.>...M....u..8v.=?..:........x.A..$.;....6@....A..U&....L4..4...V........M.L..!..c.T. .UG.r...~.c.cP.X.M......^2..@......6'.O.YD..M.V........4.19..|",@....w.U...,.g.a.".....2.I..&..QM.(f.8.8^|\.<...mL..3....8t.....=.t..I{y.c.#A....M...

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\Montserrat-Regular.otf

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:OpenType font data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):45360
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.905288287751393
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:27E50FFD6A14CBC8221C9DBD3B5208DC
                                                                                                                                                                                                                                                                                              SHA1:713C997CE002A4D8762C2DCC405213061233E4BC
                                                                                                                                                                                                                                                                                              SHA-256:40FC1142200A5C1C18F80B6915257083C528C7F7FD2B00A552AEEBC42898D428
                                                                                                                                                                                                                                                                                              SHA-512:0A602F88CFBA906B41719943465EDB09917C447D746BFED5C9CE9C75D077F6AED2F8146697ACD74557359F1AE267CA2A8E3A2CA40FB1633BDE8E6114261ABD90
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:OTTO.......@CFF c\.}........GDEF.S.0...h...(GPOSU.?....`....GSUB3.'.........OS/2h......0...`cmap5.p........@head..t*.......6hhea.A.9.......$hmtxD%:.........maxp.zP....(....name............post...2....... .........p._.<...........>......>.....e.....................>.........e.................z..P..z.....6.........X...K...X...^.2.?............................UKWN.@. ............ .............. .......>.........;.............;...........E...........L...........;.........H.i...................................................................................}.........v.........................!.........:./.......................i.........$..........."..........."...........2.?.........2.?......... .q.........4..Copyright . 2014 by Julieta Ulanovsky. All rights reserved.MontserratRegular1.000;UKWN;Montserrat-RegularVersion 1.000;PS 002.000;hotconv 1.0.70;makeotf.lib2.5.58329 DEVELOPMENTMontserrat-RegularJulieta Ulanovskyhttp://www.zkysky.com.ar/This Font Software is licensed under the SIL

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\PF_computer.png

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PNG image data, 679 x 176, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):89461
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.994111178657751
                                                                                                                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7F4F45C9393A0664D9D0725A2FF42C6B
                                                                                                                                                                                                                                                                                              SHA1:B7B30EB534E6DC69E8E293443C157134569E8CE7
                                                                                                                                                                                                                                                                                              SHA-256:DBD8B6FDB66604A0A5E8EFE269FBFA598E4A94DC146006036409D905209DA42B
                                                                                                                                                                                                                                                                                              SHA-512:0C27F9CE615CBFF3E17FD772CE3929AB4419D7432D96223B7EEC1BA70953F2AC993404B954020247B52D7F7499212D44EB6F85DA2E2676773CAFE1CE89B390F9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.PNG........IHDR...............PY....IDATx..k.-[V.W.9.j......~Cw.41..D...<d.l..E....K1A..r"......X..VL....C^.......8....W....{.9{..9.*...m.....n..g.Z...s....?.........y.....?....3/.|..._.}..y...gyVd16iY.i,.r.}]....bN3....*....{..-..,.?.o......U.m[.e].m.^...u.cU..4.eY...E....\...z[.L.K...YQ.K.].X...}..*...~'..l.f..ee..e.E.....u...,3......)M.....,.E.w-...X..\{...vZ....V...so.6..aO[.......J....Z.E....\...Z.YK..y...YU...u.x...Uo..).gJml..T.OEQU...n[.A.E..>o....K..a...2-.).Z..s..~K...i.,f...!...m[...aJ{./..%-.....*.OZ..!g.!.sJUU......%..|}^....*j.M.4z.4.r....u].$....ZvnQ.U%Y...'.^}BG..V.7.c.....T"......3.*_..6q..P...U...H}_.p..Im..^......i.8l...B......B.m..R.3.[.Ul....^$.3l...L..._.7..N.B-.+...].I?.-.uF.<..hv_..%..j$v.b.l.:K8.....,....\...'.U..Gp..Z....jI$.M`..7.....M..I.j.}...A......|].%....\.l..m.0..z@.We.'nu.....]...h.U.>..$.mQ..i...MI..Q.V.A.]/|>.t..\o.._..b....7.<...K....o.....r.f..ND_..Rq..Y.r(y...T...5Ls...qYfN...i.^a

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1025.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):251704
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.237318108280243
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:D02E2E5CE1D65F4EF0092E65C5480B18
                                                                                                                                                                                                                                                                                              SHA1:6B6DFBE7054960AEAE7B45877CEEB42E4A259E1B
                                                                                                                                                                                                                                                                                              SHA-256:68A72ED00112FADAA3672EB5A2D1F22F73DB411DF9E66A38B566696E72560990
                                                                                                                                                                                                                                                                                              SHA-512:FC7244B419B83749174C644525A34325ED1C5B53EB29D549ADCF3CE1FE6A2E3059D11CEFC1C7F178B96F42F0CF6B69EB4A6D14BDAAD67F18C3676BF59B4BF4ED
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h|...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1026.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):299832
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1243042143414845
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:DFF064C2874697EE5BD16CFB177338FB
                                                                                                                                                                                                                                                                                              SHA1:DE5FEEB172EC4627530A117331D7C96465882310
                                                                                                                                                                                                                                                                                              SHA-256:339667352F607737D6F0C55F0CF262C42FA0AB3BD20BB8E9CF67402DB3AFC640
                                                                                                                                                                                                                                                                                              SHA-512:97D2A2EBA22E50689A98C55F951CE0E9E3AF0EAC57C92EA5C44A6FBF89B1781F56A24E92FFC02D70EB7C781CF13B15BF1CCBB3919A10BE80B5887CEE2A524EBE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....h............................................................@.......................................... ...d...........j..8)...........................................................................................rdata..............................@..@.rsrc....d... ...f..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.. 8...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1027.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):302392
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6385041738085238
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:958570F583E0A76C8BFDA68A90F0EF64
                                                                                                                                                                                                                                                                                              SHA1:F145ED9DB93ECA42E7128AC05509C3B7C45A0B53
                                                                                                                                                                                                                                                                                              SHA-256:A0A7EBDB32FE591750D5F92BB362426014D773D7310CEA06D62BCF3B9B8AABA7
                                                                                                                                                                                                                                                                                              SHA-512:EA8181FF0A1B7C5050E7FC915100453EF637C7ADF4D3BF423A9C9DA13C9A403DABCA5469D1A9AEAFA0C8428F4690525F1C974325C3BF1123F2F7BA792CDCD88B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....r............................................................@.......................................... ...n...........t..8)...........................................................................................rdata..............................@..@.rsrc....n... ...p..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...B...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1028.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):118072
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.460592687959236
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:73035E682178F95C8D21A7A21B416A2A
                                                                                                                                                                                                                                                                                              SHA1:A274ABD56EB9E3CEF6CC8CEC0FD3F73FBDB27E45
                                                                                                                                                                                                                                                                                              SHA-256:48F5FE4738856368192A2A33D3975A9EDB51E2407E1B3E76EE8F6675E896DF22
                                                                                                                                                                                                                                                                                              SHA-512:01920A72941C04805CBAD7B63BA06FCC9436E0D72AB2124106BCA2BB0AD36666DA314417E7854C2CC2B42AFC27AD912F905D71AACDF805249DCD64448A9E2366
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................,C....@.......................................... ..X...............8)...........................................................................................rdata..............................@..@.rsrc...X.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...r...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1029.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):266040
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.971170034861619
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:17177872609AD07B13401C3C3D5FE361
                                                                                                                                                                                                                                                                                              SHA1:C73364BF6BCC544CD0EEB07ED5BFB4D11C5D28D4
                                                                                                                                                                                                                                                                                              SHA-256:13F1977D4E902D4C2E72DCD1312BFA48D48B82359ED285573E26A363D0DC4E06
                                                                                                                                                                                                                                                                                              SHA-512:62B7DB5977B6A2B5EAB6F51C793A5A07ADF569FDD9DE04CEDA58A5BEA1E7C8C2FD78B3B4BDB94F2E8B981A103BB75DE1E9BB08678EC4F67FBD260CDA4CC7F0EC
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................J.....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..8....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1030.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):261944
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.692473779110462
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:AF2A50F3A9A8F47E34A6C4702F34ACB5
                                                                                                                                                                                                                                                                                              SHA1:2138F248E542DA42E4BB468CF31D85FB7FEFF08E
                                                                                                                                                                                                                                                                                              SHA-256:10AE7E078ADBF8E16FBBB81A8E6AFC6B0648DA5E70B76EBF9BDFC917CE99A342
                                                                                                                                                                                                                                                                                              SHA-512:367AAA6E16E6DE4C5A78C0859D6A59BF2AE6F0671E474D53410274F63E5CFC975E8944840F7BECDAADC2CF5E715BC197FE7BEFA6B14A4DF47A55BB3A73F0BAA0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'..................................................................@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1031.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):296248
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6911674372044967
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:898BE97EA529F14B37982907EE021289
                                                                                                                                                                                                                                                                                              SHA1:39D7F5AAA3851D655C0FF8FC12BBD202CE31A700
                                                                                                                                                                                                                                                                                              SHA-256:453E44FF80FF08521A387EF59FFAC9506B19126147D90E911BB2613F4070F026
                                                                                                                                                                                                                                                                                              SHA-512:E26B6F2C2AE54ACDC39CA3CA66FDD59FE8EE454985BD496A75701A3D5C16B7005C033037A93EEE071F5608228E8547917D2F6EBEFA19EE4DC9628BD334076B5B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....Z............................................................@.......................................... ..(W...........\..8)...........................................................................................rdata..............................@..@.rsrc...(W... ...X..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..X*...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1032.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):310072
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.295357101966761
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:63E7608900F23371C93FC00054D9BB09
                                                                                                                                                                                                                                                                                              SHA1:D97CF824D2EFF53976BDD2855026F5B94D8B4FDF
                                                                                                                                                                                                                                                                                              SHA-256:2D7BFC87EC65D989115A2F34A7825216B1C91287E54BBBF8B2E5E36AD1922D3E
                                                                                                                                                                                                                                                                                              SHA-512:32318653A3FA007E009C333B53CB21E1AB7AB75E83EE17FD2D80D1333AA3EC769892891EF1F09DAF765228E52352F4EC0CC3FD845100B616666C4F54F191931D
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.............................................................@....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...`...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1034.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):295736
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.617872244805447
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:957C566C1E255EF37302057F0B5F6662
                                                                                                                                                                                                                                                                                              SHA1:B182A0477CED5CDF99BCBC9DCD4DA993E6C3B526
                                                                                                                                                                                                                                                                                              SHA-256:569073E06A939818140F05DC056AD50ECC16CF15AFF530F21E1A6FBCD021B6FF
                                                                                                                                                                                                                                                                                              SHA-512:49E460C2CE73F6544CF71AE49D349890D9E6ECF2FF319812606041320EED14C94590605FFF9810154248FC4569477DA84DB21F0B0BD37E86387A450E06315323
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....X.......................................................1....@.......................................... ...T...........Z..8)...........................................................................................rdata..............................@..@.rsrc....T... ...V..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...(...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1035.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):274232
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6408955872487243
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:483AE5C7CE3BB16A14385CAC8A115B1E
                                                                                                                                                                                                                                                                                              SHA1:988341024B401471C0E2A9AA48F4D20E99DF7D49
                                                                                                                                                                                                                                                                                              SHA-256:7C3BF7C5995D574BFB8E23BFFDF1BAB8E5A6CE0796E9B2F83F9CF074F59543DD
                                                                                                                                                                                                                                                                                              SHA-512:E84143B52F31E6BF49465A05BC23D142D7F2E55126CB7FE2D9090ECF78C5D4B4646F318B89B476F2BCFF129D6E12AAB0D13633108FC49A103361CB5735EDD382
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................0............@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1036.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):307512
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6392919359316234
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8826E3B25F297E87B96F2C9B59A270FC
                                                                                                                                                                                                                                                                                              SHA1:25DD4CA3A9776DE7A9798918DE0FC9D296B4788F
                                                                                                                                                                                                                                                                                              SHA-256:59159682886ED23F504AFA1C9296D8137D58C1D11E3B54F06C75B0D5244699BD
                                                                                                                                                                                                                                                                                              SHA-512:A089B92671696FEE86A54C180C709FFD1A7C44B78E0E594D6385C26BD8FE1D345E7A5D602586CBDDEF4BD6F575F05E5BDB37AF50E1AD3B7BC9A66B5549376CAE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................U&....@.......................................... ..@...............8)...........................................................................................rdata..............................@..@.rsrc...@.... ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..pV...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1037.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):84792
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.75496268997428
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:1AC786CF503957E126237D9AD898FEB5
                                                                                                                                                                                                                                                                                              SHA1:D17BFAC4514EAB106DB350B8B7CABD511327530A
                                                                                                                                                                                                                                                                                              SHA-256:246790A5E723B3E112B388247EE70268CEBBFE5D83149DBCF2ED1899943BF6CA
                                                                                                                                                                                                                                                                                              SHA-512:01894A3EFD6E89F90DAD3F5854D861A2F0E4F2057E7A8815D3590C95FD3EEE92902C693BCB0F51F7379647B891FBDE93603353820F212A1608B707D39747A758
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..... ...............................................@............@.......................................... ..............."..8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..p....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1038.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):293176
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8208117039024057
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:D78EAB904C85F1D3205B27F3D4243B93
                                                                                                                                                                                                                                                                                              SHA1:55672866B1AD2713B3F52AAEF7F4150BABAB0E78
                                                                                                                                                                                                                                                                                              SHA-256:6A48DB37DBB23306FDDC5A2A00259DFC6730F706DE94993141D8826F8A6DE9C5
                                                                                                                                                                                                                                                                                              SHA-512:45B5AA5D502EBAE67D59925744B363A3190F72F515F9E27E72B4A2F9F2E4DAFC98236B356E057B3060EA390B34F2C89DEAD8F65FF950C55640428CE6CFF1C71B
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....N...............................................p............@.......................................... ..`J...........P..8)...........................................................................................rdata..............................@..@.rsrc...`J... ...L..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1040.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):290104
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.607274730372722
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7B10026E6AFF658CB689D9E6262EF2B3
                                                                                                                                                                                                                                                                                              SHA1:BF8425A45D4BF8F0F35B5AB0A71FF788B91B2388
                                                                                                                                                                                                                                                                                              SHA-256:1295347C1D65A87DC38C9BC92B7558224B8659BCCC97F780C3D241DCD32BF40E
                                                                                                                                                                                                                                                                                              SHA-512:838FFB23215890263125EFA046D19843DACDB96EEA380F831C13411D6FC287EC1D799B8D516504302A0719A9C369FB6603A49FDCB171A12DE2CB297688462365
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....B...............................................`...........@.......................................... ..H>...........D..8)...........................................................................................rdata..............................@..@.rsrc...H>... ...@..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..x....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1041.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):158008
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.589022762598643
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:56810F4132854032783C67E973936D77
                                                                                                                                                                                                                                                                                              SHA1:87D674823AA7A640A61645CC6B6F50FA634830A5
                                                                                                                                                                                                                                                                                              SHA-256:A7FD92CE7A9C4D1DAB0A47537C3D76614060413D58237611AEE779728202EB83
                                                                                                                                                                                                                                                                                              SHA-512:9EE953FE73D336844A1ED74EB64BC85D0D03B29E121D6A45E8BA3815B9EE7BF8E7B266678D0F0DDDE6288401ECCCDB9A5D6AC229E163AE6D1E1D18A23EC81077
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....>...............................................`.......w....@.......................................... ...;...........@..8)...........................................................................................rdata..............................@..@.rsrc....;... ...<..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1042.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):152888
                                                                                                                                                                                                                                                                                              Entropy (8bit):5.845659391108274
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:318B9708C18ED2EAA44ADFE162507E33
                                                                                                                                                                                                                                                                                              SHA1:541FE2E5C19B77E74B197BE87047AB821BFB72A3
                                                                                                                                                                                                                                                                                              SHA-256:29BE3B3527CE13A4C5D00ECE71A02E71CE31C3489A5777C8193A31C71CB1F8CF
                                                                                                                                                                                                                                                                                              SHA-512:90C5F60A73FBB95634387A9937B4CCE1B720B646FF0FFA15DDAD67D47A4FBD838369EEE30D0150B21725FCE30DA758112C32230C3B26EBEBFB6E2B3084ACB4F7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....*...............................................P............@.......................................... ...'...........,..8)...........................................................................................rdata..............................@..@.rsrc....'... ...(..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1043.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):291640
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6308756241554834
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:0574ED4ADEC3E130E51B08F3A4FF8DFC
                                                                                                                                                                                                                                                                                              SHA1:1178ABEA55347F0290ABFC4B9913175A4146B945
                                                                                                                                                                                                                                                                                              SHA-256:1B472DB7A78CFC8AF4DBDD9F90063BF1B2183B001166F02B27108C3D59D1CEA5
                                                                                                                                                                                                                                                                                              SHA-512:7430E240DAB0F7F2777E1C3173EFDD26200BD8DC950F0D271499910686E2C970DBA1814B4141953A6D0378FB5B424194B2E48028797CD5C9D11F7DC79CD582D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....H...............................................p......l.....@.......................................... ...E...........J..8)...........................................................................................rdata..............................@..@.rsrc....E... ...F..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1044.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):263480
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6780613031156406
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:1B51759DF5E09AB7972663E1C1A55BD1
                                                                                                                                                                                                                                                                                              SHA1:FB2FF28887E61E09CC4776D9F4965740B5EF066C
                                                                                                                                                                                                                                                                                              SHA-256:E64F69748D1B12191AF9296A98BA025AB6AF19B8F895C0689FDB1680AA912774
                                                                                                                                                                                                                                                                                              SHA-512:26E423FD3B5B3CDC835E39EAD230DB157F9A7F193231F5A479E531251756E4A0047451EFF7BB896520F52CE36D209F16FA7DBC68BC3B14FE93DF5EA42027B322
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..`...............8)...........................................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1045.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):297272
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8779146741516244
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:0AC74046010578C28FEEE2B20C923D0D
                                                                                                                                                                                                                                                                                              SHA1:4C386C387E2564CF9E7FE3648E139B09E25B3C90
                                                                                                                                                                                                                                                                                              SHA-256:B53355060D7C13222F42936F255AFDA31BB33815F9F6E10AE1EB503C7EB4406E
                                                                                                                                                                                                                                                                                              SHA-512:BDBA823BEBAF154CE8B31E62FF8F8B91891DD505B6FF2CFC86AA8B24541CFE30653758E790E08573B4CABC12DB97D85BE464074F468CA06BAA1558EBAEC26EA0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....^...........................................................@.......................................... ...Z...........`..8)...........................................................................................rdata..............................@..@.rsrc....Z... ...\..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...-...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1046.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287032
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6585975784930858
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:AA0ADF788E76739015028B5193464285
                                                                                                                                                                                                                                                                                              SHA1:6A6DAF90FAF8AFACC2C307B9618BDE315876EBC0
                                                                                                                                                                                                                                                                                              SHA-256:07A46BECD76FB66A0564380E7BBC11F8EF42B1D6ABD46BAC1CCD60659D53B7EE
                                                                                                                                                                                                                                                                                              SHA-512:BBD21B5F64206AC015CE4F1CEC52AFC020E69C73C222D272EFF673697869B732FE641DFB53E65C95FD5EF99DEC431D6CF6C01BFC7EB8310201C95AD47BD28C49
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....6...............................................`............@.......................................... ...2...........8..8)...........................................................................................rdata..............................@..@.rsrc....2... ...4..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..@....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1048.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):307512
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.769077817866265
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7A4A9B7075B684C9F6DC8C29141AA41F
                                                                                                                                                                                                                                                                                              SHA1:FE500D4624AC7CA48ED0E5E6F69CDBAA7F22F66E
                                                                                                                                                                                                                                                                                              SHA-256:C8ABC732C1ED5F2E52339CA857CDBCAD2F0DD4BF364D18E1E17F640DBBEFA772
                                                                                                                                                                                                                                                                                              SHA-512:98476AA3A612CEFCF5092B19A2ADB035F223075B7A0CB601FD619DC40CF5682D87D2A48022172404D8036F011787A29E2AB566EB6D0C860C7D56C76EA3501DD3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................^.....@.......................................... .................8)...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...W...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1049.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):275256
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.253730766195552
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:16BA7EB4B8D1932B2465F8E323E368A0
                                                                                                                                                                                                                                                                                              SHA1:0DBD1E285945251DC617E13EA935A40963E6463F
                                                                                                                                                                                                                                                                                              SHA-256:364922F9570F4926303FD79B93F094B99E5F80AC8C7DA865639F11CBA0843197
                                                                                                                                                                                                                                                                                              SHA-512:6029D0FF0D9AA12545B63B9CE86EBF3912EEAF28872A72436BDDD84CA668E71FA7F8C4EC5C8FC6DFE1D25E01A4D045D517CB8753D0FF7B72FE826024D079EEE4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0.......F....@.......................................... ..x...............8)...........................................................................................rdata..............................@..@.rsrc...x.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1050.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287032
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.750468226940186
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:FD4DEF03B01D0F157C354E78BC718F5B
                                                                                                                                                                                                                                                                                              SHA1:E85D762B8A722A7CF1510347971561BED3DA3D61
                                                                                                                                                                                                                                                                                              SHA-256:D1E7DE0DBC4E009E49FC223A015A5BCC8B3E2B01904D42B7127DD833A755C280
                                                                                                                                                                                                                                                                                              SHA-512:2CC0860C4DF8539784814695BC79BDE5AC284D330D60137B9B5C6921D2C1481729B3D089BD7AF1B5F4610928295FBFE395BA77A5F4CBC82DB66A4913CA584494
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....6...............................................`............@.......................................... ...3...........8..8)...........................................................................................rdata..............................@..@.rsrc....3... ...4..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1051.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):272184
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.9289493184324353
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:FF840F99275D56B600F2AE0DA9CC6925
                                                                                                                                                                                                                                                                                              SHA1:DA528FCBB619541DB6C79D0FA800C0C0745F1CAD
                                                                                                                                                                                                                                                                                              SHA-256:4B0D9E6B05B4D3A24F022ECF8507B071A1221A6B811287649EB6AB08ADBE89EF
                                                                                                                                                                                                                                                                                              SHA-512:3BC42BDC9295E2A6593A88D9763CB98FD6203E93566AD207E91CCFF6F7D1F6E8796BC8A306FBB0EB67E49B1144D52552660BA7516548A0C7F5F1496D25443D3F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... .......|....@.......................................... ..0...............8)...........................................................................................rdata..............................@..@.rsrc...0.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..`....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1052.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99128
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.168953199425348
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:29C81D6345ED3E3C2CFE71BFF7048117
                                                                                                                                                                                                                                                                                              SHA1:65C18C3B4BF014B0C489E0A20E3CBEE09BF5D008
                                                                                                                                                                                                                                                                                              SHA-256:26AD2CA7D361ECA1C856A2526B70A5A057484CDC9E68850EF499A4585197A883
                                                                                                                                                                                                                                                                                              SHA-512:0892C256C05EC55EA70361B1AA6A39DA4124ACFC9F31D87FD711FEC3C159D92AEB8C16F534EDBF67A73A3BEEB28F5312E1FCE7822C395573397FDA5BF36F4486
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....X.......................................................J....@.......................................... ..hT...........Z..8)...........................................................................................rdata..............................@..@.rsrc...hT... ...V..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...;...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1053.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):268600
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6990050058262463
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:9D90FD74ACB92602E65431AF365CB0E3
                                                                                                                                                                                                                                                                                              SHA1:7627905E9F650E832A4DF1618092F3BF01D977DD
                                                                                                                                                                                                                                                                                              SHA-256:512A13BA0E6AC789353E40B2D9C2A957E58EDF600822EE3A3F107122DCE80041
                                                                                                                                                                                                                                                                                              SHA-512:46880CA5FE291D40CBF3BD11BBD62E5E8AD894EFB97319B39169CED6A7A234D25CDC6F46F13838A947028BE3BB789D41A9D74D116307E04A85B93CC9EAFED382
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................`3....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1054.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):256824
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.406814094362952
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:9F9D9F6E116A7FBCF16B4FA45D65510E
                                                                                                                                                                                                                                                                                              SHA1:08FCD922DD751BBFA35BED0C9754AE2F0A4D516E
                                                                                                                                                                                                                                                                                              SHA-256:A7F32D8B4BB17960640CB2D5B43B3AAFE80FB85B80773F8F86C3FEE119728B0D
                                                                                                                                                                                                                                                                                              SHA-512:E540F270F73E1AD867A332F031AC3A0422F2F90DADF0F7E377D70475011888CF896DC60B28C4F248CECC5A8E10F695A099AA8908595B7E460FD9DBF8861E576E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'............................................................!.....@.......................................... ..`...............8)...........................................................................................rdata..............................@..@.rsrc...`.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1055.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):288056
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.8720118303997513
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8D41364345901D9E25A5810FE5ADB0E6
                                                                                                                                                                                                                                                                                              SHA1:47B6033B743262E4ACFFAF7ABEC8B506EDFED3BE
                                                                                                                                                                                                                                                                                              SHA-256:EFA869F91EC75EBD104C6DB9BD5B52E7166A44D3688FBE7C667B87258C1C2954
                                                                                                                                                                                                                                                                                              SHA-512:654968517FE9D34266568AB20C759EBD5E6D022651556570FCE9CE88F1F80670E1AAC62C19C8D1EDB5EC50DC2F8E6699B856B81DA4A863024B71A863274D6AA8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....:...............................................`............@.......................................... ..P7...........<..8)...........................................................................................rdata..............................@..@.rsrc...P7... ...8..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1056.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):275256
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.177736618458548
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:E45FBCCDDF0286287A93EC9FF64FFA45
                                                                                                                                                                                                                                                                                              SHA1:D4FDCC7E6476408D6F89CBAD2D3CD0CC6527910C
                                                                                                                                                                                                                                                                                              SHA-256:AA85EB5999B678D7660167BEC6C1B0EECDA15C4D7191E134D19FF33DB68961A3
                                                                                                                                                                                                                                                                                              SHA-512:A274907FADD50CA1217F17FBCA6D4300CA2E94E1D3BEF38C82FC945DBFB573B620071F0869BDE29A649EE075BE3D4424AD501FC47E319CC897B0474A03FA05CF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................0.......,....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1057.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):277304
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.6399112082460663
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:D7BDEC4A0AB4461AD45F8497F8F74E8F
                                                                                                                                                                                                                                                                                              SHA1:8F9C1544376CB78B12734ECE5B8BE426DD383684
                                                                                                                                                                                                                                                                                              SHA-256:FB389A1C0CE4C8DCDD8A08C6CCF8940D007036CB6ECCE50456D5AF7B7212C20A
                                                                                                                                                                                                                                                                                              SHA-512:0A613173895867A6B0957EB39B4E1F35EA4C74EE2634EDAC8782437F03089001180DE7827A3116B2A9C50D56764323B3140A7EEE7F238DC77668D7F62DDEF1C5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0............@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1058.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):279864
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.276377900797251
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8AECA83CCD58EF4B4C8A0B1FFA616811
                                                                                                                                                                                                                                                                                              SHA1:380D0D396805E47211214994B72ED5B8C7144EEC
                                                                                                                                                                                                                                                                                              SHA-256:83A2B826EF13D87DFD3FD63CA1FD79D86790134ABA71DC912E3E8AABB75A0B64
                                                                                                                                                                                                                                                                                              SHA-512:6EFB5DB87589FA3ABF6B13FF8585BF736B8403461A0A164EB92C7421163D0D908FF0952CEF618713A1BF86EB77DAE107E55466671709255BA5A948F1A35B2D89
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....................................................@.......q....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1059.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):273208
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.280679055941737
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:569A065B49014DC0FCAFB09BD33B25AB
                                                                                                                                                                                                                                                                                              SHA1:795766A43F40D653CB1B2F7DF375DDC9F0D48E20
                                                                                                                                                                                                                                                                                              SHA-256:450FBD00B0304D2262E3A26941BC2AC3096674C1070ADFA4B2ADD53249C063BE
                                                                                                                                                                                                                                                                                              SHA-512:C32E7C68FF88BB677CD15BFEE580852AAAAE5740BE526C80E0F38FB6038B5D15629CAF46D7A05A3B24F0758AD74502939672B468150CBCB4CC7845210BBC6D80
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... ......5.....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..8....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1060.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):291128
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7329365199723576
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:CCD851B53F3B9898B841F734030D4480
                                                                                                                                                                                                                                                                                              SHA1:60ECDA7FE1F8324933413EEAA1B6D077932068CE
                                                                                                                                                                                                                                                                                              SHA-256:CF77B3D80BE23FE2B564C66B19E6172A043E7131892FDA5F5DA2823C2EB6ECDD
                                                                                                                                                                                                                                                                                              SHA-512:CC3ADDB91114E1876C778DF250B3C1BB031A58C6B60CBD925B309241F3AAD3DBB6705D1C6AECBE450824BEC60B38B966AF62433BF21BC2908DDB77D3572D887F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....F...............................................p.......6....@.......................................... ...C...........H..8)...........................................................................................rdata..............................@..@.rsrc....C... ...D..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1061.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):263992
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.680105849089776
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:2C89A6818189D91A9FCB80C25C52BBE0
                                                                                                                                                                                                                                                                                              SHA1:1915BC7A0EF750319539B618D14BEE4D721A395A
                                                                                                                                                                                                                                                                                              SHA-256:88023F360AFE354ADFB9317772F734BD7E234E164A909F7CE79E2DD9B765E54D
                                                                                                                                                                                                                                                                                              SHA-512:129FAF05B7F4B7D412BF1A71D5589129BFA2612782C9FAD645AD7E0ED6DC1382D6387738D2DD6AEC382EDA8BFCB9170715865B91CD280C9F169DF58FB887E7CE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'............................................................8.....@.......................................... ..p...............8)...........................................................................................rdata..............................@..@.rsrc...p.... ......................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1062.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):272184
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.880752464058992
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:1B5AF327D82FF4AA7B653C83B461853E
                                                                                                                                                                                                                                                                                              SHA1:AFED39FF7CB7821BF8B9C9E4B84134F33F35920D
                                                                                                                                                                                                                                                                                              SHA-256:8B7719BD36F7E9D430CBE57520FB70240BFDF1A7B13EE881FF4F3B868D01ECFF
                                                                                                                                                                                                                                                                                              SHA-512:797A67182ADE2D1C43E2B5FB53AE0F51C97672D0EEB818EF2B9FD6B28BDE1E3FACA15F85D0EB9D249935F4B7F11B8D11DCE6CC4CD86D89D5D06A22C54BFDC9EE
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... .......4....@.......................................... ..P...............8)...........................................................................................rdata..............................@..@.rsrc...P.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1063.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):279352
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.83888776583839
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:E97A28CDDA400A5D7F66A8153EE4FAE1
                                                                                                                                                                                                                                                                                              SHA1:FD7A78A7D14BF38A10CCEAF461CE4EED966377A7
                                                                                                                                                                                                                                                                                              SHA-256:F27F7064CCF14BC41F7E91FD754BB651F9FCC04EBDF231914F5B404FBC7E0488
                                                                                                                                                                                                                                                                                              SHA-512:9B07D4AD5C1A3222EF9709ADB6FEC5E2EE1875FBC787070785931312A8CA9DCE9645D6729E87099600A0FEE1D2EADCA1DD90C68813BD20FAED58E029AB6538C8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................@......n.....@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1065.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):273720
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.129757919890257
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:9690637DAC4ACB394FE9E4A782D634B6
                                                                                                                                                                                                                                                                                              SHA1:D2DB095BF42348A6A2939B7420D56F7CAE7FF69B
                                                                                                                                                                                                                                                                                              SHA-256:4617C6D82781D1934A56D27DBFE1F6249DC1C95775244FC61C15C89B1965A279
                                                                                                                                                                                                                                                                                              SHA-512:DDADD852EA92A9DB7D18B87BEB31BC661DE151D437F52C25FDC8BD10BA18A99C74C06A33E46D267F8B6503C046CD557941C51ED54CBC8F745212726852F16A75
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................... ......B.....@.......................................... ..8...............8)...........................................................................................rdata..............................@..@.rsrc...8.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..h....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1066.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):284472
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.217532644884037
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:DF655C2435EDA6791B3CD7E3E3FA5782
                                                                                                                                                                                                                                                                                              SHA1:3B61D27BFB037FB553A0100C31377582E09F18D5
                                                                                                                                                                                                                                                                                              SHA-256:9C5815B3ABEEDC71CA4BE31597C9331C8CFE0282F9D67F9F4A1D9D7506CBABB4
                                                                                                                                                                                                                                                                                              SHA-512:0F31FBADDEDB04F973BA2EBD8A69A3B900AD227EB33360DEEE285CB9EE26136EC112FA155DEE01E53702D4F265C4FD7674F95FE6CEF3FF6305DCF1C20C8F20AF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....,...............................................P...........@.......................................... ...(..............8)...........................................................................................rdata..............................@..@.rsrc....(... ...*..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1067.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97592
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.745983137102855
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:26669935A3ACB70463AE5CE1C9CA4F73
                                                                                                                                                                                                                                                                                              SHA1:AA25AB29999186AF2831340D1FF751D70147DF7B
                                                                                                                                                                                                                                                                                              SHA-256:45C5E7DD67D28C3F01DEC33F70C2285FD0DB46818927431216823377A2121D16
                                                                                                                                                                                                                                                                                              SHA-512:9C308D6E02BDABE1365893D7E378099A7A15A0536DC8BA3B635E64666377E85A3198BA5E8CBF2A36A4233AECE6D4519C90EAC2C8A3CCB0983B64149D28B6B731
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....R...............................................p......L.....@.......................................... ...O...........T..8)...........................................................................................rdata..............................@..@.rsrc....O... ...P..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...6...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1068.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97080
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.300772425365659
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:4C75D5FDF73287038FE495CC3E873AD6
                                                                                                                                                                                                                                                                                              SHA1:D091C1DA16991FA838092C0581CDDD33D4B9FE29
                                                                                                                                                                                                                                                                                              SHA-256:3C4BB35FB24F3596B448B8F47F4F022A73EC34C47ED4A175D06EA4A2528D0A87
                                                                                                                                                                                                                                                                                              SHA-512:8B8653144032B6ACF2FE367284388BE5C3C0408AF986264696E4758717C538D63386EE8F08E8E419FE1FBE05547CE5E4B2132075506AA094B55379CFD2AB0FE7
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....P...............................................p......A=....@.......................................... ...M...........R..8)...........................................................................................rdata..............................@..@.rsrc....M... ...N..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..P4...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1071.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):106296
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.684423490305839
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:0847F23F33BA98D5807E11E7D4307319
                                                                                                                                                                                                                                                                                              SHA1:03013FFF26AA1AF6AE4E2CA9EE2AD259DCE744A6
                                                                                                                                                                                                                                                                                              SHA-256:6B16F802CCF665A251C5A98C82C9BEC2C51F7DAA18570A66C3807F29FF0E72A8
                                                                                                                                                                                                                                                                                              SHA-512:ED49C3AE2D880091A57903D597CFABD216626646F75806164A0A8C45CE633DB9C169BB124C139595F10FF2CF172C1D92BEF08542FDF0190D872FF4259BA50461
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....t.......................................................9....@.......................................... ...p...........v..8)...........................................................................................rdata..............................@..@.rsrc....p... ...r..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...W...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1079.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):98616
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.810121070166624
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:385A3DDE81A8B55546A01CA0EF8FFE79
                                                                                                                                                                                                                                                                                              SHA1:C56CDD3DE6ACCB5D0CCEECA31DECA0AC7A3AB2DC
                                                                                                                                                                                                                                                                                              SHA-256:47187E5A2AEF05517418BF174E5CBF3506F8060EBB840877321C1A12C8AEFAC2
                                                                                                                                                                                                                                                                                              SHA-512:CC181E1E1D87BB2F4043E752B737969222EA964C914CAFA78BC7277537DD7C5839C5A8023B48866AC47B0936EA9A96A4BCED5B390DE16A1783751521BA021CB1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....V.......................................................%....@.......................................... ..(S...........X..8)...........................................................................................rdata..............................@..@.rsrc...(S... ...T..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...9...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1081.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):276792
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.288577369004189
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:70FE6C8480C5B1EC4EA822D03FF81233
                                                                                                                                                                                                                                                                                              SHA1:12F18AC3AD5DFE10DCDC0977762ED81C513C0F5A
                                                                                                                                                                                                                                                                                              SHA-256:41C8FE58F9D90BF0AD1E6B655AC6C3B5B6BF3CBF73FF1611E1D86A70C59BD5C1
                                                                                                                                                                                                                                                                                              SHA-512:3154F117182F3416EE89EFFE13DAA3AA88AF82F33C550E2541ECC7327ACC7E1E7B32595A426609DD85DCE9B4AAE56B3AE43C8A586F45BA996F11B317420A66D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................0......uJ....@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1086.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):287544
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.5929107960482884
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:367F114E3A68C8C051703C6EAD98F114
                                                                                                                                                                                                                                                                                              SHA1:92168DAB713F266A37454502995CFDB126CE2EB6
                                                                                                                                                                                                                                                                                              SHA-256:93BB99F05E68A106B72B67C2B32227B11F82C7016260195E90B1B7431E386868
                                                                                                                                                                                                                                                                                              SHA-512:CC76465AA4A8AE8D6C40743E89C6EDF326E44C2616E21D6398F522910F9A8141F6E41FE47C670407F6E5081B5471FF64FB6A4469819024F51A5FB506FFD4EF61
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....8...............................................`......G.....@.......................................... ...5...........:..8)...........................................................................................rdata..............................@..@.rsrc....5... ...6..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..0....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1087.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):95544
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.7335596580584856
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:EA0D0B3F7F16673220E9AE3969ED45E5
                                                                                                                                                                                                                                                                                              SHA1:793D35FADDC211C5FF66A5973E7415603FF2464B
                                                                                                                                                                                                                                                                                              SHA-256:1B834E8895FBFD162D217FE7DD5127CDEB955E12A07BA845FEFEA97D6C2C1299
                                                                                                                                                                                                                                                                                              SHA-512:40246711809BB4EAF25252749DB4FCA3A1FBB2BA97EADFB82524B324A7FD51153E5AEAB775AF50F078F289232973E0D0432C3224CA9AACE07C80B24585491008
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....J...............................................p......E.....@.......................................... ...F...........L..8)...........................................................................................rdata..............................@..@.rsrc....F... ...H..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..P-...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1090.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):107320
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.223021037504826
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:65B64C20B65C6FB133F781A2E1359313
                                                                                                                                                                                                                                                                                              SHA1:53D7C6CA71F72CB8BC443D11AA537729B6E49BE4
                                                                                                                                                                                                                                                                                              SHA-256:C7C1A957FAE16C1DC6474C228F3CB49F62B745C359D7022D243B8082EDFDB983
                                                                                                                                                                                                                                                                                              SHA-512:86D22EA82E2CED1736E8C07A4F01A103793DEE8032856884DAA82297F30A8BF25E2749EA3BDEFB425C99777D0C841AF95AAD6FFD38518ABAC1571D34348F1BAF
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....x.......................................................`....@.......................................... ...u...........z..8)...........................................................................................rdata..............................@..@.rsrc....u... ...v..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...[...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1092.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):95032
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.844463715324896
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8B4F10962FCBB96560B503C14E3996F5
                                                                                                                                                                                                                                                                                              SHA1:2C86CE16613248578F969109C064910F75335879
                                                                                                                                                                                                                                                                                              SHA-256:44E47257EEB32138A7441D71F8844A64B517E697CB0457F0420A0D331F8200D9
                                                                                                                                                                                                                                                                                              SHA-512:018233A69417CE071B4FA11A5E4FF4474BFDF69F532403DD6CB81ED5CD0B996BF218EDCA0CAD4043AEDDC5A9CB978EE49BD3B48BE9E906101ECD7E5E4B94DD29
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....H...............................................p......<.....@.......................................... ..(E...........J..8)...........................................................................................rdata..............................@..@.rsrc...(E... ...F..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...+...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1093.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):280376
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.34798913496184
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:E434012F1EF326283EFEE9737D863B43
                                                                                                                                                                                                                                                                                              SHA1:B72D5BFC216A168FF345E74776F370ECFE21A203
                                                                                                                                                                                                                                                                                              SHA-256:01F2A4EEE2E5FA230D23BB1EFFA8F47B2E997FBDC1A222D59E05A9D02E78E219
                                                                                                                                                                                                                                                                                              SHA-512:0C3D16FF374691320D5431676865361A10B4CDEB16448D31D99AB446979E08C9B61720CDFDB85EBF831C424D43EC95038CB68B8B727CA22DBF0F80682E4FDCC9
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....................................................@......r.....@.......................................... ..0...............8)...........................................................................................rdata..............................@..@.rsrc...0.... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L..`....rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1102.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99640
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.72913305552437
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:4933340AC0057969F052CAD22CA6067A
                                                                                                                                                                                                                                                                                              SHA1:2472B3B4DEA372F01EEFF5D0778972FEC2F10D1D
                                                                                                                                                                                                                                                                                              SHA-256:F31156A07CDFB299BE23F730A68E187F729BEE5BB03789AE04D1D4086684ED3D
                                                                                                                                                                                                                                                                                              SHA-512:A7D4EBDE608A34169E4E4D0FF3840B9835255A43E3186116A88DF829EB2392B6999D55BE112E7BC8405A1A5BAA036F34CC60E02399A9E67BF550B0FAD26B9670
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....Z......................................................!.....@.......................................... ...V...........\..8)...........................................................................................rdata..............................@..@.rsrc....V... ...X..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..`=...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1104.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97592
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.754900601758707
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:FB6FA1A941C6E412DC6676528D7B34E3
                                                                                                                                                                                                                                                                                              SHA1:A57A10BEB61185B20A0306960548010BAB4D52B3
                                                                                                                                                                                                                                                                                              SHA-256:591379225EB3E682DB9F4376EDC193967FE74B8BA02E3936A67DC9CAA04DA897
                                                                                                                                                                                                                                                                                              SHA-512:9B2B5337C8BF9397A2B2FCE9A5F97AB6C26B9D62FED783284CB50CEE84E9DC8B4EBE48392F8325F9AC0BDB6D1BC762A8A661912680531B646DD4C6F1ABFADE0A
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....R...............................................p......[.....@.......................................... ..PN...........T..8)...........................................................................................rdata..............................@..@.rsrc...PN... ...P..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...5...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1109.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):102200
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.690951150326739
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:9B8557734B14D91B1D5DB0FC9032A9AA
                                                                                                                                                                                                                                                                                              SHA1:548AC5A087D3C952C657381A699FE909DFA20175
                                                                                                                                                                                                                                                                                              SHA-256:F1EE8C9796129F78785B183F378A1AD066814F8456710DD6D9F163A69A5F9F36
                                                                                                                                                                                                                                                                                              SHA-512:22C40BC195F1A5AC8D56B906686475918C6E50A69056727EB4D5DA807926F30E933CDA663747388D014DB278B72AEBC57258445726835BD48B30DC8FC9F0C4BD
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....d......................................................U7....@.......................................... ...a...........f..8)...........................................................................................rdata..............................@..@.rsrc....a... ...b..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...H...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1110.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):97080
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.149948710746257
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7275986050A642B9751F52DFB0A3EF4A
                                                                                                                                                                                                                                                                                              SHA1:B3CEB46FC457E4D2970838E9086421CA8CE13F00
                                                                                                                                                                                                                                                                                              SHA-256:F19AB507DA9D115ACEC1C84EE336895A7F585588EAC093E8602A6F9D2B920C4A
                                                                                                                                                                                                                                                                                              SHA-512:19356FD719D5CC4C759F7BC3A4AE0427A2B400C60F4A0E4B4179776F7FC249C22DC2A7C7650F06A7A805924533B419A15AB8404A787C9E57E87E5D51E3B5F401
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L.....'f...........!...'.....P...............................................p.......Q....@.......................................... ...M...........R..8)...........................................................................................rdata..............................@..@.rsrc....M... ...N..................@..@......'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9..84...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-1155.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):113976
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.053719737166396
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:2E5E8FC01F6363827832E1352D76267D
                                                                                                                                                                                                                                                                                              SHA1:EA62A3D7AC8254FAE96B6D5B549FA96CB906A88F
                                                                                                                                                                                                                                                                                              SHA-256:43D20539349EE51141A6B4973446473DC880E375B4C5ADF178005BD3592487A0
                                                                                                                                                                                                                                                                                              SHA-512:283DDC39E1BA9925FE62ACF9F8B57F062D044D5D61856D4623B59E5C0B76BD6770C5D0F09F82546620B38C6CD97C717EDFF40C6C4C84DD62C5543610E7D458F1
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... .................8)...........................................................................................rdata..............................@..@.rsrc....... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...v...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2052.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):114488
                                                                                                                                                                                                                                                                                              Entropy (8bit):6.412089076920203
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:242EBCCB51A653E6735F97FF6CCF3191
                                                                                                                                                                                                                                                                                              SHA1:7EF6D920E9493757390018ED16F076AD74C70BEC
                                                                                                                                                                                                                                                                                              SHA-256:5D0428EB75ECEAC3B02824884C1F0754DA227F27887796A15290616C002101B0
                                                                                                                                                                                                                                                                                              SHA-512:6421EB66E6A085E086CFA12C47786A5A3E768224ABA33D605B9FFF8248C7FFA7A50726BE3CEB08F40C0ACFD93E6F95ADB07D5EBF1081CAC895AE39CEF98FF8D8
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'..................................................................@.......................................... ..................8)...........................................................................................rdata..............................@..@.rsrc........ ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L...d...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2070.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):290104
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.647384770782947
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:F06551DB96B650D71E1A19DC76E447AC
                                                                                                                                                                                                                                                                                              SHA1:997127433E958D09DB299C536635A8BE91698A37
                                                                                                                                                                                                                                                                                              SHA-256:1C8979DFB053000499F35B4687E7762A13CA764CD89CE4BF2D3AE57E80478219
                                                                                                                                                                                                                                                                                              SHA-512:E23EE2EC32D0886FCB7BF963225B9578B5AD62A3381D00595DD38BD040F92F781F79D7109009D0CB982FB5F22DFC2DDE6D9AF41EE6B1A53E3FB4A50EC89A35D2
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....B...............................................`............@.......................................... ..P?...........D..8)...........................................................................................rdata..............................@..@.rsrc...P?... ...@..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-2074.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):285496
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.7488194035132305
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:1415861521E7DDFE93EC6B0FB5914A5C
                                                                                                                                                                                                                                                                                              SHA1:6A93A6EC9424AD274B6BEE1C378565A70EA54744
                                                                                                                                                                                                                                                                                              SHA-256:E8A825EE76ACCC89059153934BB80A611DE20EA97DC1710977F3483CC2619617
                                                                                                                                                                                                                                                                                              SHA-512:4AA847502F1A124BB56299B60C60D1A5A0A5A1ECFD3DED86FD548ED5C70B1A744424D5CD25FBA6406BFEC30B92141CE1084D1C72BF6A4496F1FCE63B91D07107
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....0...............................................P......O.....@.......................................... ...,...........2..8)...........................................................................................rdata..............................@..@.rsrc....,... ......................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ...,...rsrc$01.....L.......rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-3098.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):99640
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.703061225228535
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:B98D9142415C790A47D77E7BE6C44849
                                                                                                                                                                                                                                                                                              SHA1:EF1B10D34D2E937773B55E5BB9EDA74BA99F70F1
                                                                                                                                                                                                                                                                                              SHA-256:C10DC7F0C2DBE90810A8B9063A213074624CCC95E2F70FFDBFC47C2D39568076
                                                                                                                                                                                                                                                                                              SHA-512:E4A44B4C51AB9792332088008397BBAE6383C4F71F5D906DB38153FBC5FD285A24ECE15CD2F69D51B6F3259A576BB40EEE0CE3AD8A783B4C150D4A082D260FC0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....Z...........................................................@.......................................... ...V...........\..8)...........................................................................................rdata..............................@..@.rsrc....V... ...X..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...<...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-5146.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):102712
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.170904053781955
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:EB8B44B42DC212F6E1A907B9F3923C1B
                                                                                                                                                                                                                                                                                              SHA1:E19A0CE62AD3751761837107DC0B931DACB86633
                                                                                                                                                                                                                                                                                              SHA-256:33BF6C33122ED46CA38EE583E6EEFB6ED000F907F3A5D7DC9751F47EA2198F3B
                                                                                                                                                                                                                                                                                              SHA-512:6E67862765C36E33E3C868B73C3D20A189C4E9FB8658D5686D23BA5E14E9B6601E9D361F4AA77762918DC86BFE50C330337B5855CC4A28F2469068CB0E061751
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....f......................................................<E....@.......................................... ...b...........h..8)...........................................................................................rdata..............................@..@.rsrc....b... ...d..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...I...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\lang-9999.dll

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):101176
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.729906595782769
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7A4C4D1404E8457F68910BE2577945FB
                                                                                                                                                                                                                                                                                              SHA1:879E3AEC18A1CFADD7DB6A7941DC30FD06DEF356
                                                                                                                                                                                                                                                                                              SHA-256:22439452C1F34992B0D8C2FADE574BF35E4C968B5BEFC7BAFFF4CAF033B37DC5
                                                                                                                                                                                                                                                                                              SHA-512:18EB15639BA23DAC98AD69B435C6882D5B80FCB717766CCFBB760861A2BA8D76C68911ED605421D3AE504200ABB82E783687FD2A9DD640CC88196F305EDFA97C
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........^...?...?...?....~..?...?...?.......?..Rich.?..........PE..L....'f...........!...'.....`...........................................................@.......................................... ...\...........b..8)...........................................................................................rdata..............................@..@.rsrc....\... ...^..................@..@.....'f........l...4...4........................................rdata...........rdata$voltmd...4...l....rdata$zzzdbg.... ..P....rsrc$01....P9...C...rsrc$02............................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AI1PSF8OO45SWSO18X3C.temp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):6907
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.132989629667411
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:0323A7E05731F76784793CE3F04A6791
                                                                                                                                                                                                                                                                                              SHA1:2635FACBDA7A3557EC6B3BDEC6C174F5B0B944AE
                                                                                                                                                                                                                                                                                              SHA-256:82624A1E4B2CA7DF549AEC751836EA9A83E5DBEA1D3682944699CFF3A1DB3788
                                                                                                                                                                                                                                                                                              SHA-512:AEA2B554A7DF9937ADB2F143D4986DB9A99191A3FA301335E0026351AAD4F04BA8E50D7608CDE0E708CD0B9D8C209C0CE0A4A43F9B646995B6CFC3CD2FA08835
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...................................FL..................F.@.. ....+-h.....(.vj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................!..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe..../.A.U.T.O.J.L.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%ProgramFiles%\CCleaner\CCleaner64.exe..............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.C.C.l.e.a.n.e.r.\.C.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DIZ816PMC8NWIEOL9AG0.temp

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):6907
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.135630453814284
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:41CA323DE6B3ACED46CB320E572D3F70
                                                                                                                                                                                                                                                                                              SHA1:69D6A494222944EED81353759D712714BEC18781
                                                                                                                                                                                                                                                                                              SHA-256:D82310D233D7A0EC228416549C63DFB5F01EA10F849243065A536E3F22956969
                                                                                                                                                                                                                                                                                              SHA-512:6C91B176141A3C152573089EA587F67A6E33B4343AB71F64F34AD448234DC522CFD0EBF6CDE30C363875D72B64FF10C980CD9E04E584140DEA3ED0FA6207644F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...................................FL..................F.@.. ....+-h......mj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................|..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe..../.A.U.T.O.J.L.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%ProgramFiles%\CCleaner\CCleaner64.exe..............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.C.C.l.e.a.n.e.r.\.C.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccc0fa1b9f86f7b3.customDestinations-ms (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):6907
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.135630453814284
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:41CA323DE6B3ACED46CB320E572D3F70
                                                                                                                                                                                                                                                                                              SHA1:69D6A494222944EED81353759D712714BEC18781
                                                                                                                                                                                                                                                                                              SHA-256:D82310D233D7A0EC228416549C63DFB5F01EA10F849243065A536E3F22956969
                                                                                                                                                                                                                                                                                              SHA-512:6C91B176141A3C152573089EA587F67A6E33B4343AB71F64F34AD448234DC522CFD0EBF6CDE30C363875D72B64FF10C980CD9E04E584140DEA3ED0FA6207644F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...................................FL..................F.@.. ....+-h......mj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................|..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe..../.A.U.T.O.J.L.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%ProgramFiles%\CCleaner\CCleaner64.exe..............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.C.C.l.e.a.n.e.r.\.C.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccc0fa1b9f86f7b3.customDestinations-ms~RF6e7894.TMP (copy)

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):6907
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.135630453814284
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:41CA323DE6B3ACED46CB320E572D3F70
                                                                                                                                                                                                                                                                                              SHA1:69D6A494222944EED81353759D712714BEC18781
                                                                                                                                                                                                                                                                                              SHA-256:D82310D233D7A0EC228416549C63DFB5F01EA10F849243065A536E3F22956969
                                                                                                                                                                                                                                                                                              SHA-512:6C91B176141A3C152573089EA587F67A6E33B4343AB71F64F34AD448234DC522CFD0EBF6CDE30C363875D72B64FF10C980CD9E04E584140DEA3ED0FA6207644F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:...................................FL..................F.@.. ....+-h......mj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................|..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe..../.A.U.T.O.J.L.(.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e.........%ProgramFiles%\CCleaner\CCleaner64.exe..............................................................................................................................................................................................................................%.P.r.o.g.r.a.m.F.i.l.e.s.%.\.C.C.l.e.a.n.e.r.\.C.

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\cookies.sqlite-shm

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ol7uiqa8.default-release\webappsstore.sqlite-shm

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):32768
                                                                                                                                                                                                                                                                                              Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                                                                                                              SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                                                                                                              SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                                                                                                              SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Users\Public\Desktop\CCleaner.lnk

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon May 20 09:56:46 2024, mtime=Sun May 26 11:44:09 2024, atime=Mon May 20 09:56:46 2024, length=45430176, window=hide
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):863
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.5241077097635625
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:859B3FC6F0A96365A1AA3825C6CA2A90
                                                                                                                                                                                                                                                                                              SHA1:2E035BB69AE37F8FBC4D381B4BB131CAD7202990
                                                                                                                                                                                                                                                                                              SHA-256:AF4B25F61C01792896681DF8CEE8704354A88264DCEE5AE27E968E5C6CD5F855
                                                                                                                                                                                                                                                                                              SHA-512:ADB3FDBD0E7B8990ED3EC8CAFE5A56AED57D09FAF118098E570420B9C93C5DA818FDB08209D4AEE866EE662BE369BD732EE8C0FAD01EA944A4BE1445C0A43145
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:L..................F.... ....+-h.....&.gj....+-h.....5...........................P.O. .:i.....+00.../C:\.....................1......X{e..PROGRA~1..t......O.I.X{e.....o..............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....Z.1......X.e..CCleaner..B......X{e.X.e....yv.....................:..C.C.l.e.a.n.e.r.....j.2..5...X.W .CCLEAN~1.EXE..N......X.W.X.e..............................C.C.l.e.a.n.e.r.6.4...e.x.e.......W...............-.......V...........'.\/.....C:\Program Files\CCleaner\CCleaner64.exe........\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.6.4...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.`.......X.......571345..............n4UB.. .|..o.(..]......P..#.....n4UB.. .|..o.(..]......P..#.E.......9...1SPS..mD..pH.H@..=x.....h....H......c-dSA....n.............

                                                                                                                                                                                                                                                                                              C:\Windows\INF\ks.PNF

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:Windows Precompiled iNF, version 3.3 (Windows 10), flags 0x1000083, unicoded, has strings, at 0x15998 "Signature", at 0x68 WinDirPath, at 0x80 language en-US
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):129356
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.1899527092759135
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:FC0350E2BEA7638D48EDFCB15F658C98
                                                                                                                                                                                                                                                                                              SHA1:903B1C568D2C6766D0AB46557083036C0274FA94
                                                                                                                                                                                                                                                                                              SHA-256:68CCF027EABCC7905138D8A1BF0F225B64ADB90E5F2146758AAFEC2DC0782A40
                                                                                                                                                                                                                                                                                              SHA-512:F206F108996EC122E024DE6210B101CE0A9279DB3CC2D0729EC19DF04843313ACA5515BC67122B5A984F6F34E2018868A9AD17BE2E638A863846AA4BE1FB33C3
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.....................Y..<.(....rxj.........Y.......Z..,....[...).......9..x...h...............H.......C.:.\.W.i.n.d.o.w.s.....e.n.-.U.S.......l.......(........i...@...@..`A...B...9...:...:..P;...;..8z...............l..\<..(%...z..LD...)..`s.. F...P...Q..TR...R...S..HT...T...U.......V......|....z.......k..<...............Hu..`"...........K......`...,g...<...=...=..<>...>..l?...3...4...4..h5...6...6...........^..........X....j..........$M..|W.......X..pY...Z..........`o..`l...H......H...........$|..x... ...t...............8t...s...............O..$....4..........C...W..P....M...t......j..."...q.........,....6..t....I...D...d..(]...!...d..Xe..8...............lk..dc...g..hn..X3...+..0............c..........l3...........X..dW..4W...X.......T..|i.......e...........G..$S......d...H.......a..P]..........t...4_...........................v......x....F..$...0...P...x...........L........F.........p....Y......t.......D....-..L ..."...#..\)..\&..,D..$b...b...+...k...]...^..d_..`h..8....\.....

                                                                                                                                                                                                                                                                                              C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Logs\dosvc.20240526_124430_058.etl

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):196608
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.4938418980384123
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:AC968609954332D5969A2AD680FD31AC
                                                                                                                                                                                                                                                                                              SHA1:96C53C0A2CD58797A91D3E2D203D471B8371A3FD
                                                                                                                                                                                                                                                                                              SHA-256:0E50288D55F84FA9ABF71F50F638C7DD9543E13BAD15A9CB29D885E820B9D7E1
                                                                                                                                                                                                                                                                                              SHA-512:FD1ACC2B2925264BF414F73AD0FE0D4BCCD377726D9DC7EA530EC295E13854638032418DE4D95E5C1459463FC1964C7D1E1B7ECCBDA9248A6FFCA7535B0E5872
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:.... ... ....................................... ...!...........................l.......tr[.....................bJ..............Zb... ... ......................................,...@.t.z.r.e.s...d.l.l.,.-.1.1.2.......................................................@.t.z.r.e.s...d.l.l.,.-.1.1.1............................................................{q.>..............sj...........8.6.9.6.E.A.C.4.-.1.2.8.8.-.4.2.8.8.-.A.4.E.E.-.4.9.E.E.4.3.1.B.0.A.D.9...C.:.\.W.i.n.d.o.w.s.\.S.e.r.v.i.c.e.P.r.o.f.i.l.e.s.\.N.e.t.w.o.r.k.S.e.r.v.i.c.e.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.D.e.l.i.v.e.r.y.O.p.t.i.m.i.z.a.t.i.o.n.\.L.o.g.s.\.d.o.s.v.c...2.0.2.4.0.5.2.6._.1.2.4.4.3.0._.0.5.8...e.t.l.........P.P.l.......tr[.....................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):786432
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.940726957151001
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:7E7A4AADF4DF2E2399394A5E242DCAEB
                                                                                                                                                                                                                                                                                              SHA1:3FF6BC7A1E3E00818536BD4297532ABBD7E3E19F
                                                                                                                                                                                                                                                                                              SHA-256:05CA23E30D8C8D71A61D9347E76B2941BFDB91107178BCD8C88A3D5DABC1FF1F
                                                                                                                                                                                                                                                                                              SHA-512:9537A80A94CAE7F762D55A941420536BFA2FBA76468EBE8489828114A13537DF4C69486A1336BF186EFB33376DFC3C574FC0226E34E586589ECCE0CA3BB8AED4
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:regf)...(...=...^................... ...........t.i.m.i.z.a.t.i.o.n.\.S.t.a.t.e.\.d.o.s.v.c.S.t.a.t.e...d.a.t.......................................................rmtmb...>...............................................................................................................................................................................................................................................................................................................................................:..L........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                                                              C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\State\dosvcState.dat.LOG1

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):49152
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.464327254324409
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:12EAC11518F7231E35BCDF3C123FFF1C
                                                                                                                                                                                                                                                                                              SHA1:C7D70FDC3930655209526082D94810972BC16228
                                                                                                                                                                                                                                                                                              SHA-256:56BFED83A9444E9B0F024418BC4F30E4FB44DD0A29B29B8F9B421F08B7C93417
                                                                                                                                                                                                                                                                                              SHA-512:A87FEC27A252B108F13A1B447D5C1CC88068DB2EDA988D97091DD5D30F11B1418793A09398E0B5511AD8BF3B832C3FB0A6C1C795DA3E74F1D99C6DB1C7EAF73F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:regf(...(...=...^................... ...........t.i.m.i.z.a.t.i.o.n.\.S.t.a.t.e.\.d.o.s.v.c.S.t.a.t.e...d.a.t.......................................................rmtmb...>...............................................................................................................................................................................................................................................................................................................................................=..LHvLE........(...........8..;..w.|...+K......................0...0...0....... ...`......hbin................=...^...........nk,.=...^.......@...................................(...................&...{c584f1b8-53a4-a935-d7a7-edbd532557bc}..x...sk..........%...l.......T...`.......h.....T.............................................................................................?...................?.......................?...............................................................

                                                                                                                                                                                                                                                                                              C:\Windows\Tasks\CCleanerCrashReporting.job

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):666
                                                                                                                                                                                                                                                                                              Entropy (8bit):3.620711463976598
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:FF6AFCAE81AD6D5EE47BA0B1EA104FCA
                                                                                                                                                                                                                                                                                              SHA1:2ABEEDF2D90A63928ADA2FF7C94645CF6D4EAB5A
                                                                                                                                                                                                                                                                                              SHA-256:655331F9BC4A98A731A5D1534B85B4BA5103BFCD96AFF9606E23B0158D83B560
                                                                                                                                                                                                                                                                                              SHA-512:CB84792565328038BF9000A9F5DAD57AF21AB7A99CC4A5E5F7A043E4BBFCC508432FAED0B20D31AAB8E0499F181E9DF3DDB4395F54661160C5D981B5641B24F5
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:....d..P.d^C..j...F.h.....<... .....s.......... ....................0.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.C.C.l.e.a.n.e.r.B.u.g.R.e.p.o.r.t...e.x.e.....-.-.p.r.o.d.u.c.t. .9.0. .-.-.s.e.n.d. .d.u.m.p.s.|.r.e.p.o.r.t. .-.-.p.a.t.h. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.\.L.O.G.". .-.-.p.r.o.g.r.a.m.p.a.t.h. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.C.l.e.a.n.e.r.". .-.-.g.u.i.d. .".5.c.7.5.d.9.8.5.-.5.a.4.f.-.4.2.3.1.-.b.9.9.6.-.7.0.b.d.b.9.0.6.d.5.5.7.". .-.-.v.e.r.s.i.o.n. .".6...2.4...1.1.0.6.0.". .-.-.s.i.l.e.n.t.......P.i.r.i.f.o.r.m. .S.o.f.t.w.a.r.e. .L.t.d...................0.................,.............................

                                                                                                                                                                                                                                                                                              C:\Windows\Temp\D566D7D7-DCD6-471C-8109-BE0AD33199E3

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.796569531114783
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:5037584550D192DE01F0E68DA378DD32
                                                                                                                                                                                                                                                                                              SHA1:43225D5D79A97352AD92A3576A284D0C12E41619
                                                                                                                                                                                                                                                                                              SHA-256:216FEDF261C8739E1F442D950C2610B2EC0573875BDCBEAD23925009F31FF384
                                                                                                                                                                                                                                                                                              SHA-512:AD8C1AD228AA4BD54562A92E45945EDFB2667DE7A14D35C18E7A83C31CFEBC8DFC0427D50984229F873751D3482E144E2881C58E36D4BDBA47AB9EE8E2429D6F
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:6.D.8.B.7.B.B.5.C.D.3.B.7.1.8.4.0.1.0.B.E.4.5.B.5.1.F.2.8.5.6.F.

                                                                                                                                                                                                                                                                                              C:\Windows\Temp\F07D8C6A-04B6-4025-869C-70A788D7B5C0

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              File Type:data
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):72
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.7970589458155923
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:B7F40A497C2413868C01FDF958901149
                                                                                                                                                                                                                                                                                              SHA1:432DAE901762D90425399D69B1A9A47D513D9D3C
                                                                                                                                                                                                                                                                                              SHA-256:5D350B0B2DE90B8A8B665EFC547C3B2BAC827082679E64EFAE35BA0F646002F2
                                                                                                                                                                                                                                                                                              SHA-512:36B750AFC60C53C648435B415F468CB1F7D550E093B2504F3616002413D6A3A93C97B4A225837BEE702745F03E34008AC19844424A1F04943951A3168C842958
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:e.6.6.6.8.c.4.9.-.7.5.4.7.-.4.b.4.b.-.8.c.9.4.-.e.3.b.e.a.3.b.b.e.d.f.8.

                                                                                                                                                                                                                                                                                              C:\Windows\Temp\waapi-1716727474\f88a050b8b36cd7d2feffedc

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):12
                                                                                                                                                                                                                                                                                              Entropy (8bit):2.584962500721156
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:A3B274C5C9E6B63FAB5F7112E35F1532
                                                                                                                                                                                                                                                                                              SHA1:76807A0EA48AC54AA182AFA6F59092615B2AE141
                                                                                                                                                                                                                                                                                              SHA-256:A2F72058793B83EFBBA05A76958451230F8A53EAF5B0D2A1B3212832C627A0B8
                                                                                                                                                                                                                                                                                              SHA-512:72FFF5C1A499AEF911F71283FC73E19BE4EFC121FD3BB90B961756EE4F349A3A33E03D3A8939970F44E58E5B3A9AB7E024A6E574B559C86BF2AECF9122C6A846
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:WA1716727474

                                                                                                                                                                                                                                                                                              \Device\ConDrv

                                                                                                                                                                                                                                                                                              Download File
                                                                                                                                                                                                                                                                                              Process:C:\Program Files\CCleaner\CCleanerBugReport.exe
                                                                                                                                                                                                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                                                                                                              Size (bytes):1068
                                                                                                                                                                                                                                                                                              Entropy (8bit):4.9158055978093635
                                                                                                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                                                                                                                              MD5:8671B6A58C75C073E410A938328B3F0B
                                                                                                                                                                                                                                                                                              SHA1:5E08D14CA9DBB251FA1A0744A1383022A08F47BC
                                                                                                                                                                                                                                                                                              SHA-256:996A4E018501FECB41D7F2A93AEA3529B7377AFCB22C37EE6D0610A371CDC7F2
                                                                                                                                                                                                                                                                                              SHA-512:C32F67DA977DC84367D138A0FEE1084F3ED1A9868F3A5728B6BAEF5FA34285619A0A225C1C780C0246040AE0730F1ED35F6BFB39CF31F94141CC06E9D28F506E
                                                                                                                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                                                                                                                              Reputation:unknown
                                                                                                                                                                                                                                                                                              Preview:[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 88] - valid package type found in [send]: 0..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 88] - valid package type found in [send]: 2..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 103] - setting [product] to 90..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 112] - setting [path] to C:\Program Files\CCleaner\LOG..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 121] - setting [programpath] to C:\Program Files\CCleaner..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 145] - setting [version] to 6.24.11060..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 149] - setting [guid] to 5c75d985-5a4f-4231-b996-70bdb906d557..[2024-05-26 12:44:18.995] [notice ] [bug_report ] [ 7204: 7184] [60E748: 181] - setting [silent]..[2024-05-26 12:44:18.995] [notice ] [cras

                                                                                                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                                                                                                                              Entropy (8bit):7.999984608389844
                                                                                                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                              File name:ccsetup624.exe
                                                                                                                                                                                                                                                                                              File size:83'689'152 bytes
                                                                                                                                                                                                                                                                                              MD5:0da9ad07601568f130fcd4cbfdf2206b
                                                                                                                                                                                                                                                                                              SHA1:74e481c5e55dd3b2c8d82c9212cc9dd45e0f14dc
                                                                                                                                                                                                                                                                                              SHA256:fbd6bd7103fd037253085761546887cf93657bca9fb812980ab64acf32624a72
                                                                                                                                                                                                                                                                                              SHA512:ecd8fc3da1aaa6e634bdbccc8023a13534708993d6145a88b0dcff8224004861a17a9a2ecef35ba61f105a4207cf9ba56a0295d3414e728c9fc4028c7dc97c2c
                                                                                                                                                                                                                                                                                              SSDEEP:1572864:cxy1AHAbjAigJ8iwDycu/xyiiqZ5DjEP4rzA/TGAHlV7H6grTUwHPwuM:cu+228iwDA/xy34rMTGwggrTDvwt
                                                                                                                                                                                                                                                                                              TLSH:4308330F57A31E31C174AA766ED0970A2A9572E9333A49818DB5320E3FD39891F72DF4
                                                                                                                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h.......@.

                                                                                                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                                                                                                              Icon Hash:29226ee6b692c62f

                                                                                                                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Entrypoint:0x403640
                                                                                                                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                                                              Time Stamp:0x614F9D02 [Sat Sep 25 22:04:50 2021 UTC]
                                                                                                                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                              Import Hash:61259b55b8912888e90f516ca08dc514

                                                                                                                                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                                                                                                                                              Signature Valid:true
                                                                                                                                                                                                                                                                                              Signature Issuer:CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
                                                                                                                                                                                                                                                                                              Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                                                                                                              Error Number:0
                                                                                                                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                                                                                                                              • 16/01/2023 00:00:00 15/01/2026 23:59:59
                                                                                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                                                                              • CN=PIRIFORM SOFTWARE LIMITED, O=PIRIFORM SOFTWARE LIMITED, L=London, C=GB
                                                                                                                                                                                                                                                                                              Version:3
                                                                                                                                                                                                                                                                                              Thumbprint MD5:77AFF713989A75237A35C5A62B2C4AA7
                                                                                                                                                                                                                                                                                              Thumbprint SHA-1:4F24981A62D9E0AB041F611F16D334CAEBE84AA1
                                                                                                                                                                                                                                                                                              Thumbprint SHA-256:C568B8984F6DB77DC6C85180027D945B19E13B83399960248E1FB0D4F739CC22
                                                                                                                                                                                                                                                                                              Serial:0B62A30BF7FA45ACDDB320214F64287D

                                                                                                                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                                                                                                                              Instruction
                                                                                                                                                                                                                                                                                              push ebp
                                                                                                                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                                                                                                                              sub esp, 000003F4h
                                                                                                                                                                                                                                                                                              push ebx
                                                                                                                                                                                                                                                                                              push esi
                                                                                                                                                                                                                                                                                              push edi
                                                                                                                                                                                                                                                                                              push 00000020h
                                                                                                                                                                                                                                                                                              pop edi
                                                                                                                                                                                                                                                                                              xor ebx, ebx
                                                                                                                                                                                                                                                                                              push 00008001h
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-04h], 0040A230h
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                                                                                                                              call dword ptr [004080C8h]
                                                                                                                                                                                                                                                                                              mov esi, dword ptr [004080CCh]
                                                                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-28h], ebx
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                                                                                                                                                                              call esi
                                                                                                                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                                                                                                                              jne 00007EFEDCB775BAh
                                                                                                                                                                                                                                                                                              lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                                                                                                                              mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                                                                                                                                                                              push eax
                                                                                                                                                                                                                                                                                              call esi
                                                                                                                                                                                                                                                                                              mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                                                                                                                                                                              mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                                                                                                                                                                              sub ax, 00000053h
                                                                                                                                                                                                                                                                                              add ecx, FFFFFFD0h
                                                                                                                                                                                                                                                                                              neg ax
                                                                                                                                                                                                                                                                                              sbb eax, eax
                                                                                                                                                                                                                                                                                              mov byte ptr [ebp-26h], 00000004h
                                                                                                                                                                                                                                                                                              not eax
                                                                                                                                                                                                                                                                                              and eax, ecx
                                                                                                                                                                                                                                                                                              mov word ptr [ebp-2Ch], ax
                                                                                                                                                                                                                                                                                              cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                                                                                                                                                                              jnc 00007EFEDCB7758Ah
                                                                                                                                                                                                                                                                                              and word ptr [ebp-00000132h], 0000h
                                                                                                                                                                                                                                                                                              mov eax, dword ptr [ebp-00000134h]
                                                                                                                                                                                                                                                                                              movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                                                                                                                                                                              mov dword ptr [00470318h], eax
                                                                                                                                                                                                                                                                                              xor eax, eax
                                                                                                                                                                                                                                                                                              mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                                                                                                                                                                              movzx eax, ax
                                                                                                                                                                                                                                                                                              or eax, ecx
                                                                                                                                                                                                                                                                                              xor ecx, ecx
                                                                                                                                                                                                                                                                                              mov ch, byte ptr [ebp-2Ch]
                                                                                                                                                                                                                                                                                              movzx ecx, cx
                                                                                                                                                                                                                                                                                              shl eax, 10h
                                                                                                                                                                                                                                                                                              or eax, ecx

                                                                                                                                                                                                                                                                                              Rich Headers

                                                                                                                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                                                                                                                                              Data Directories

                                                                                                                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x40d0000x8a98.rsrc
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x4fcd5c00x2900
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                                                                              Sections

                                                                                                                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                                                                              .text0x10000x66760x6800d01cd60c08ad4410541807ebc6d4a26fFalse0.6570763221153846data6.415810447422783IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                              .rdata0x80000x139a0x14008c5edfd8ff9cc0135e197611be38ca18False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                                                                              .data0xa0000x663780x600c7e50177934aec2fcddfd0aceaf14b43False0.5091145833333334data4.106448979512574IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                              .ndata0x710000x39c0000x0d41d8cd98f00b204e9800998ecf8427eunknownunknownunknownunknownIMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                                                                                                              .rsrc0x40d0000x8a980x8c00cf2c49afc1c5657ac856a35b1793ac09False0.34266183035714287data4.9018747777591365IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                                                                              Resources

                                                                                                                                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                                                                              RT_ICON0x40d9600x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.4141078838174274
                                                                                                                                                                                                                                                                                              RT_ICON0x40ff080x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.6683864915572233
                                                                                                                                                                                                                                                                                              RT_ICON0x410fb00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishUnited States0.5455776173285198
                                                                                                                                                                                                                                                                                              RT_ICON0x4118580x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishUnited States0.5780346820809249
                                                                                                                                                                                                                                                                                              RT_ICON0x411dc00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.8182624113475178
                                                                                                                                                                                                                                                                                              RT_ICON0x4122280x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishUnited States0.5067204301075269
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4125100x250dataEnglishUnited States0.40709459459459457
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4127600x158dataEnglishUnited States0.5116279069767442
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4128b80xa0dataEnglishUnited States0.60625
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4129580xeedataEnglishUnited States0.6260504201680672
                                                                                                                                                                                                                                                                                              RT_DIALOG0x412a480x250dataEnglishUnited States0.4189189189189189
                                                                                                                                                                                                                                                                                              RT_DIALOG0x412c980x158dataEnglishUnited States0.5348837209302325
                                                                                                                                                                                                                                                                                              RT_DIALOG0x412df00xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                                                                                              RT_DIALOG0x412e900xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                                                                                              RT_DIALOG0x412f800x250dataEnglishUnited States0.4189189189189189
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4131d00x158dataEnglishUnited States0.5348837209302325
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4133280xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4133c80xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4134b80x248dataEnglishUnited States0.4075342465753425
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4137000x150dataEnglishUnited States0.5386904761904762
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4138500x98dataEnglishUnited States0.625
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4138e80xe6dataEnglishUnited States0.6565217391304348
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4139d00x240dataEnglishUnited States0.40625
                                                                                                                                                                                                                                                                                              RT_DIALOG0x413c100x148dataEnglishUnited States0.524390243902439
                                                                                                                                                                                                                                                                                              RT_DIALOG0x413d580x90dataEnglishUnited States0.6041666666666666
                                                                                                                                                                                                                                                                                              RT_DIALOG0x413de80xdedataEnglishUnited States0.6486486486486487
                                                                                                                                                                                                                                                                                              RT_DIALOG0x413ec80x23cdataEnglishUnited States0.3968531468531469
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4141080x144dataEnglishUnited States0.5123456790123457
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4142500x8cdataEnglishUnited States0.5857142857142857
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4142e00xdadataEnglishUnited States0.6376146788990825
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4143c00x23cdataEnglishUnited States0.3968531468531469
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4146000x144dataEnglishUnited States0.5185185185185185
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4147480x8cdataEnglishUnited States0.5928571428571429
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4147d80xdadataEnglishUnited States0.6422018348623854
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4148b80x250dataEnglishUnited States0.4189189189189189
                                                                                                                                                                                                                                                                                              RT_DIALOG0x414b080x158dataEnglishUnited States0.5348837209302325
                                                                                                                                                                                                                                                                                              RT_DIALOG0x414c600xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                                                                                              RT_DIALOG0x414d000xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                                                                                              RT_DIALOG0x414df00x250dataEnglishUnited States0.4189189189189189
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4150400x158dataEnglishUnited States0.5348837209302325
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4151980xa0dataEnglishUnited States0.68125
                                                                                                                                                                                                                                                                                              RT_DIALOG0x4152380xeedataEnglishUnited States0.6512605042016807
                                                                                                                                                                                                                                                                                              RT_RCDATA0x4153280x15ASCII text, with no line terminatorsEnglishUnited States1.380952380952381
                                                                                                                                                                                                                                                                                              RT_GROUP_ICON0x4153400x5adataEnglishUnited States0.7222222222222222
                                                                                                                                                                                                                                                                                              RT_VERSION0x4153a00x2c4dataEnglishUnited States0.4971751412429379
                                                                                                                                                                                                                                                                                              RT_MANIFEST0x4156680x42eXML 1.0 document, ASCII text, with very long lines (1070), with no line terminatorsEnglishUnited States0.5130841121495328

                                                                                                                                                                                                                                                                                              Imports

                                                                                                                                                                                                                                                                                              DLLImport
                                                                                                                                                                                                                                                                                              ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                                                                                                                                                                                                                                                              SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                                                                                                                                                                                                                                                              ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                                                                                                                                                                                                                                                              COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                                                                                                                                                                                                                                                              USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                                                                                                                                                                                                                                                              GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                                                                                                                                                                                                                                                              KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                                                                                                                                                                                                                                                              Possible Origin

                                                                                                                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.448427916 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.448465109 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.448664904 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.451576948 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.451589108 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.681148052 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.681397915 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.685228109 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.685240984 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.685533047 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.712306023 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.712430954 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.712534904 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.908776999 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.909115076 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.909363985 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.911936045 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.911936998 CEST50112443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.912009954 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.912031889 CEST4435011234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.691054106 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.691083908 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.691364050 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.691741943 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.691751003 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.915314913 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.915540934 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.919249058 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.919260979 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.919595957 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.920721054 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.964183092 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158098936 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158196926 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158345938 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158345938 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158412933 CEST50113443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:50.158427954 CEST4435011334.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.254606962 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.254631042 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.254801035 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.255013943 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.255024910 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.468616009 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.468868017 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.469827890 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.469837904 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.470060110 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.470997095 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.471110106 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.471157074 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699060917 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699119091 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699362040 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699553013 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699553013 CEST50114443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699565887 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:06.699570894 CEST4435011434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.379923105 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.379941940 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.380108118 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.380364895 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.380374908 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.535414934 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.535438061 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.535614014 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.535784960 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.535794973 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.597465992 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.597636938 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.597636938 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.601815939 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.601829052 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.602070093 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.602180004 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.602580070 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.648178101 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.830446005 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.830621004 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.830679893 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.830986023 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.841994047 CEST50117443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.842008114 CEST4435011734.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.954710007 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.954921007 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.959485054 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.959495068 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.959707022 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.960197926 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.960197926 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.960242987 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.224562883 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.224575996 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.224637985 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.225558043 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.225558996 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.226185083 CEST50118443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:09.226200104 CEST4435011840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.250965118 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.250988007 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.251192093 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.251385927 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.251395941 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.661588907 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.661851883 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.663141012 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.663151026 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.663379908 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.664676905 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.664727926 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.664742947 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.664834023 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.708180904 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.927478075 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.927505016 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.927628994 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.927809000 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.927859068 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.928212881 CEST50119443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:11.928237915 CEST4435011940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:13.938203096 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:13.938226938 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:13.938386917 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:13.938563108 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:13.938572884 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.351737976 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.352216959 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.353777885 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.353787899 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.354016066 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.354518890 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.354518890 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.354537964 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.354557037 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.623687983 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.623698950 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.623795033 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.623869896 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.624017954 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.624275923 CEST50120443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:14.624288082 CEST4435012040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:15.138226986 CEST5010380192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:15.237059116 CEST8050103192.229.211.108192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:15.237225056 CEST5010380192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:16.772870064 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:16.772891998 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:16.773094893 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:16.773253918 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:16.773266077 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.186054945 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.186781883 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.188811064 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.188821077 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.189043999 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.189825058 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.189825058 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.189841986 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.189857006 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456144094 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456254005 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456470013 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456532001 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456578970 CEST4435012140.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456661940 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456753969 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.456754923 CEST50121443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.529318094 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.529339075 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.529532909 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.529748917 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.529759884 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.749548912 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.749763966 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.750958920 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.750974894 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.751576900 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.752696991 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.752782106 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.752819061 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.789241076 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.789261103 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.789469957 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.790129900 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.790142059 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980261087 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980330944 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980499983 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980624914 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980624914 CEST50122443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980638027 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.980643034 CEST4435012234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.007832050 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.008048058 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.009074926 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.009083986 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.009321928 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.044764996 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.088216066 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.095375061 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.095395088 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.095659018 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.097018957 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.097064018 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.238960981 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239073038 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239291906 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239485025 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239485025 CEST50123443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239497900 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.239502907 CEST4435012334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.310398102 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.310669899 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.312607050 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.312623024 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.312963009 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.340858936 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.342521906 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.342546940 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540031910 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540127039 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540261984 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540497065 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540497065 CEST50124443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540510893 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.540514946 CEST4435012434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.542568922 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.542589903 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.542762995 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.543000937 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.543013096 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.757170916 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.757436037 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.758296967 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.758306980 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.758502007 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.759233952 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.759265900 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.759291887 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.001730919 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.001837015 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.001952887 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.002235889 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.002235889 CEST50126443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.002249002 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.002253056 CEST4435012634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.004452944 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.004470110 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.004683018 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.004825115 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.004837036 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.218483925 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.218767881 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.219711065 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.219721079 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.219916105 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.220510960 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.220540047 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.220567942 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.449575901 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.449697971 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.449928999 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.450892925 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.450906038 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.450980902 CEST50129443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.450993061 CEST4435012934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.469067097 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.469085932 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.469314098 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.469966888 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.469978094 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.845741034 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.845762968 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.846910000 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.847100973 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.847110987 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.882719994 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.882944107 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.884546995 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.884557009 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.884768009 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.885570049 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.885623932 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.885642052 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.885674000 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.928216934 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.059653044 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.059941053 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.061006069 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.061017036 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.061296940 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.087802887 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.132236004 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.150563955 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.150579929 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.150651932 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.150779963 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.151021957 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.151166916 CEST50130443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.151179075 CEST4435013040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.289664030 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.289741993 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.289896965 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.290570974 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.290571928 CEST50131443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.290585041 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.290589094 CEST4435013134.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.407356977 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.407375097 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.407598972 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.408246994 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.408253908 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.561228991 CEST50110443192.168.11.2013.107.21.200
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.980315924 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.980956078 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.981954098 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.981960058 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.982197046 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.022706985 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.022861958 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.022929907 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.442362070 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.442440033 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.442998886 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.442998886 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.442998886 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.746157885 CEST50132443192.168.11.2034.77.70.86
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:21.746176004 CEST4435013234.77.70.86192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.155030966 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.155055046 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.155709028 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.155709028 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.155735016 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.564042091 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.564254999 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.567662001 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.567671061 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.567866087 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.568435907 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.568435907 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.568478107 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.568487883 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.829890966 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.829902887 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.829951048 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.830126047 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.830502033 CEST50135443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:22.830511093 CEST4435013540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.717794895 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.717819929 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.718545914 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.718889952 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.718902111 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.934804916 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.935276031 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.936355114 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.936364889 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.936568975 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.962883949 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.963041067 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:23.963049889 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.165368080 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.165446043 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.165673971 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.166050911 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.166052103 CEST50137443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.166064024 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.166068077 CEST4435013734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.167574883 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.167593002 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.167977095 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.168148994 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.168157101 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.386688948 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.387615919 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.387943983 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.387950897 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.388278961 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.424084902 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.424256086 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.424276114 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.623219013 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.623415947 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.624149084 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.641545057 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.641545057 CEST50138443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.641560078 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.641565084 CEST4435013834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.643245935 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.643269062 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.643585920 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.643774033 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.643785000 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.863202095 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.863471985 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.864396095 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.864406109 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.864643097 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.910372972 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.910474062 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.910494089 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.990099907 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.990120888 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.990623951 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.990807056 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:24.990818977 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.098520041 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.098623037 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.098747015 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.099927902 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.099927902 CEST50139443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.099946976 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.099952936 CEST4435013934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.101563931 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.101587057 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.101718903 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.101917028 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.101928949 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.315473080 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.316833019 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.317399025 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.317409039 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.317723036 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.339499950 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.339584112 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.339612961 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.400547028 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.401485920 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402007103 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402019978 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402271032 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402817965 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402817965 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402839899 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.402861118 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545172930 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545239925 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545497894 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545574903 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545574903 CEST50141443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545591116 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.545597076 CEST4435014134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.548047066 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.548074007 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.548279047 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.548458099 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.548471928 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.665788889 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.665806055 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.665878057 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.666958094 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.666958094 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.666958094 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.761671066 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.762259960 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.763425112 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.763433933 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.763663054 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.764950037 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.764950037 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.764966011 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.963795900 CEST50140443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.963814974 CEST4435014040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.995655060 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.995712042 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.995902061 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.996210098 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.996220112 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.996299028 CEST50142443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.996309996 CEST4435014234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.998856068 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.998874903 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.999114990 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.999315023 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:25.999326944 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.213789940 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.214092016 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.214962006 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.214971066 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.215166092 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.215805054 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.215869904 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.215888023 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.445282936 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.445656061 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.445878983 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.445962906 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.445962906 CEST50143443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.446029902 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.446063042 CEST4435014334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.447945118 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.448033094 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.448633909 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.449450016 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.449506998 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.672038078 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.673278093 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.673767090 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.673777103 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.674072981 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.674820900 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.674951077 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.674959898 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.906709909 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.906809092 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.907027960 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.907113075 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.907113075 CEST50144443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.907126904 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.907130957 CEST4435014434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.909495115 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.909512997 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.909750938 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.909873962 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:26.909883976 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.127036095 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.127342939 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.128238916 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.128253937 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.128561020 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.129972935 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.129972935 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.129996061 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.360976934 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361049891 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361460924 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361484051 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361484051 CEST50145443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361495018 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.361500025 CEST4435014534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.684828043 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.684864998 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.685058117 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.685225010 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:27.685244083 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.102678061 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.103765965 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.104865074 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.104892015 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.105139017 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.105887890 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.105887890 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.105922937 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.105940104 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.371190071 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.371225119 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.371360064 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.371758938 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.372067928 CEST50146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:28.372097015 CEST4435014640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.198643923 CEST5009980192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.198643923 CEST5010080192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.297254086 CEST8050099192.229.211.108192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.297420025 CEST8050100192.229.211.108192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.297512054 CEST5009980192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:29.297600985 CEST5010080192.168.11.20192.229.211.108
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.387300968 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.387357950 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.387507915 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.387649059 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.387661934 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.803926945 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.804110050 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.807328939 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.807342052 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.807704926 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.808417082 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.808417082 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.808449984 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.808484077 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:30.808501005 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.067890882 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.067899942 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.067995071 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.068409920 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.068409920 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.368877888 CEST50147443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:31.368954897 CEST4435014740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.824085951 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.824110985 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.824892998 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.824892998 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.824920893 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.948646069 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.948663950 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.949224949 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.949745893 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.949755907 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.040024996 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.040676117 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.041244030 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.041254044 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.041479111 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.042449951 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.042565107 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.042632103 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.065957069 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.065974951 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.066523075 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.066704035 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.066711903 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.161498070 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.162260056 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.165427923 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.165437937 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.165683985 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.166244984 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.166922092 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.208199024 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.271574020 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.271619081 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.272912979 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.272912979 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.272912979 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.274338007 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.274353981 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.274771929 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.275043011 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.275054932 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.280128956 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.280550957 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.285427094 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.285435915 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.285685062 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.285928965 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.286787987 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.328180075 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.390253067 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.390336990 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.390413046 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.390517950 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.393872976 CEST50153443192.168.11.2034.149.149.62
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.393886089 CEST4435015334.149.149.62192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.487191916 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.487418890 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.488528967 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.488538027 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.488733053 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.490175009 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.490221977 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.490264893 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.519800901 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.519860029 CEST4435015434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.520642996 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.520642996 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.520642996 CEST50154443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.587147951 CEST50152443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.587163925 CEST4435015234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718216896 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718301058 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718426943 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718650103 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718650103 CEST53932443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718667030 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.718672991 CEST4435393234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.719605923 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.719633102 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.720263958 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.720310926 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.720323086 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.934855938 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.935363054 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.936263084 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.936274052 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.936646938 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.937345028 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.937428951 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.937455893 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.049006939 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.049022913 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.050215006 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.050215006 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.050232887 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.165911913 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166280031 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166568995 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166662931 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166663885 CEST53928443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166737080 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.166776896 CEST4435392834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.167597055 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.167685986 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.167959929 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.168097973 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.168135881 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.385606050 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.385931015 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.387559891 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.387568951 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.387799025 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.388681889 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.388681889 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.388700008 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.409430027 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.409451962 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.409564018 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.410342932 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.410352945 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.466728926 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.467022896 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.468594074 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.468604088 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.468880892 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469654083 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469654083 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469677925 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469680071 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469686031 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469763994 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.469773054 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.616156101 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.616239071 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.617120981 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.617120981 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.617120981 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.618375063 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.618393898 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.619128942 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.619147062 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.619157076 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.623014927 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.624001026 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.636039019 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.636050940 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.636281967 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.676103115 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.676146030 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.676152945 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.701245070 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.701267004 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.702436924 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.702636003 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.702645063 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.735460043 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.735477924 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.735555887 CEST4436418240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.736057997 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.736058950 CEST64182443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.834532022 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.835701942 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.835887909 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.835894108 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.836169004 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.837052107 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.838000059 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.838021994 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854113102 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854178905 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854376078 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854540110 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854540110 CEST64186443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854551077 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.854554892 CEST4436418634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.857013941 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.857037067 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.857235909 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.857507944 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.857518911 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.902292967 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.902318001 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.903104067 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.903280973 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.903296947 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.908770084 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.909760952 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.909769058 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.911170006 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.911395073 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.913022995 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.913130999 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.914060116 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.927093983 CEST64183443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.927110910 CEST4436418334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.956178904 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.957621098 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.957628965 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.003820896 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.065495968 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.065558910 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.066216946 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.066216946 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.066216946 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.066999912 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.067019939 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.067784071 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.068536997 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.068545103 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.070694923 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.070995092 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.072468996 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.072479010 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.072686911 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.074079037 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.074158907 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.074189901 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.105185032 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.106414080 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.106426001 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.107368946 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.107867956 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.108297110 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.108370066 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.108377934 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.156183958 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.160456896 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.160469055 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169727087 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169778109 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169846058 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169903040 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169962883 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.169972897 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170154095 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170227051 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170268059 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170348883 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170537949 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170537949 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170542955 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170737028 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170778990 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.170831919 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171011925 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171435118 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171550989 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171664953 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171948910 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171948910 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171948910 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171948910 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.171948910 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.172136068 CEST51759443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.172147036 CEST44351759104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.208276987 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.283226013 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.283431053 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.284262896 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.284271002 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.284702063 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.285355091 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.285463095 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.285469055 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.299659967 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.299741030 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.300605059 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.300605059 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.300605059 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.301767111 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.301785946 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.302011013 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.302237034 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.302244902 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355043888 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355210066 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355326891 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355370998 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355412960 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355515003 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355602980 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355622053 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355784893 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355818033 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.355926037 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356015921 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356018066 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356148958 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356218100 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356311083 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356317043 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356347084 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356472969 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356488943 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356514931 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356669903 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356684923 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356708050 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356848955 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.356870890 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.357017040 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.357063055 CEST60021443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.357099056 CEST44360021104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.380671978 CEST58591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.380686045 CEST4435859134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.511735916 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.511802912 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.512794971 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.512980938 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.512980938 CEST60022443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.512994051 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.513000011 CEST4436002234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.516122103 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.516367912 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.518028021 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.518035889 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.518310070 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.519009113 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.519128084 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.519148111 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.619046926 CEST51760443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.619072914 CEST4435176034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.745915890 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.745980978 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.746786118 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.746786118 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.746786118 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.748339891 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.748361111 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.748661995 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.748861074 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.748872042 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.903338909 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.903374910 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.903605938 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.904295921 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.904304028 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.963931084 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.965369940 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.966275930 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.966284990 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.966660023 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.967519999 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.967519999 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.967536926 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.047180891 CEST60025443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.047297001 CEST4436002534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.117347956 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.118016958 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.119199038 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.119209051 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.119417906 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.166279078 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.166279078 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.166299105 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192389011 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192467928 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192735910 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192931890 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192931890 CEST49375443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192945957 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.192950964 CEST4434937534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194504023 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194520950 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194828987 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194983006 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194994926 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.348423004 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.348507881 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.348958969 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.349047899 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.349047899 CEST49376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.349060059 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.349065065 CEST4434937634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.352509022 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.352525949 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.353102922 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.353102922 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.353127003 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.411946058 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.412147999 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.413007021 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.413014889 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.413371086 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.413954020 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.414031029 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.414042950 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.571285963 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.571496010 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.572976112 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.572993994 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.573314905 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.574345112 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.574450016 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.574485064 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.640980005 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.641045094 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.642147064 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.642147064 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.642147064 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.643728971 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.643795013 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.643994093 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.644192934 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.644211054 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.719578028 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.719599962 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.719747066 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.719896078 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.719907999 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.745848894 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.745938063 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.746200085 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.746326923 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.746368885 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.805041075 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.805119038 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.805690050 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.805690050 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.805690050 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.807472944 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.807508945 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.807684898 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.807833910 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.807845116 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825660944 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825678110 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825834036 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825856924 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825862885 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825970888 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825978041 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825994015 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.826148033 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.826162100 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.859771967 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.860007048 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.861789942 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.861800909 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.862046957 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.863517046 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.863517046 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.863604069 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.921621084 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.922799110 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.922811031 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.923865080 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.924285889 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.925218105 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.925276041 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.925283909 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.925313950 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.950975895 CEST60412443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.950992107 CEST4436041234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.976583958 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.976594925 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.021501064 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.021989107 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.022983074 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.022989988 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.023204088 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.024148941 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.024230957 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.024288893 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.025182009 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.036271095 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.036552906 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.036565065 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.037429094 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.037771940 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.038707018 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.038798094 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.038806915 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.038814068 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.050997019 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.051378012 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.051388025 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.052433968 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.052723885 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.053709030 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.053771973 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.053822041 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.085349083 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.085361958 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.092928886 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.093127966 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.093286991 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.096214056 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.101197004 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.101237059 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.102160931 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.102160931 CEST60416443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.102231979 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.102255106 CEST4436041634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.104718924 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.104809999 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.105043888 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.105305910 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.105364084 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.118182898 CEST60415443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.118206024 CEST4436041534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.132116079 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.147883892 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.184196949 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.184595108 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.185786963 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.185811043 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186307907 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186316967 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186449051 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186548948 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186625004 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186651945 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186752081 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186780930 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186865091 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186924934 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.186975956 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.187026978 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.187026978 CEST62574443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.187064886 CEST44362574104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.187094927 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188424110 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188457012 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188632011 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188860893 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188884020 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.250916958 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.250982046 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.252057076 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.252057076 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.252057076 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.253556013 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.253581047 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.253885031 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.254031897 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.254040003 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.285967112 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.285995007 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.286231041 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.286241055 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.286277056 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.286423922 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.287920952 CEST56009443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.287931919 CEST44356009142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.290407896 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.290425062 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.290986061 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.291176081 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.291184902 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.330864906 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.331244946 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.332330942 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.332339048 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.332760096 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.333554029 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.333698988 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.333703995 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.391812086 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.392072916 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.392082930 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.392505884 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.392925024 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.393032074 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.393091917 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.436223030 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.440511942 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.466023922 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.466043949 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.466110945 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.466499090 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.467689991 CEST65038443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.467703104 CEST4436503840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.473676920 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.474878073 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.475651979 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.475661039 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.476035118 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.476964951 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.477044106 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.477051020 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.497936010 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.498243093 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.498250961 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.499588966 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.499772072 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.501878977 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.501976967 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.501982927 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.545906067 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.545928955 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.545933962 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.546204090 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.546214104 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.546545029 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.547569990 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.547612906 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.547730923 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.548180103 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.550013065 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.550021887 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.551708937 CEST56131443192.168.11.203.162.125.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.551722050 CEST443561313.162.125.20192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565402031 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565468073 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565640926 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565737963 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565737963 CEST54554443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565749884 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565753937 CEST4435455434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565881014 CEST65039443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.565886974 CEST4436503934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.569232941 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.569251060 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.569420099 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.569787979 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.569796085 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.594935894 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.654705048 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.654747009 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.654833078 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.654947996 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.655740976 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.656125069 CEST51608443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.656140089 CEST44351608104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.675228119 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.675247908 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.675374031 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.675754070 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.675764084 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.702470064 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.702543020 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.703150034 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.703150034 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.703150034 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.704292059 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.704310894 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.704499960 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.704696894 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.704705954 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.776747942 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.776865005 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.777795076 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.778179884 CEST57760443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.778189898 CEST44357760172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.779023886 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.779043913 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.779427052 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.779624939 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.779632092 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.784730911 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.784924984 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.786935091 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.786942959 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.787152052 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.787950993 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.788022995 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.788031101 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.850524902 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.850539923 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.850914955 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.850980043 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.850989103 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.885989904 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.887234926 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.887243032 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.888398886 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.889348984 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.890316963 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.890433073 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.890700102 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.920459986 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.921608925 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.922158957 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.922168016 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.922377110 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.927537918 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.927537918 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.927556038 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.931900978 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.931911945 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.966633081 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.966649055 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.966667891 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.966685057 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967470884 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967519045 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967523098 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967523098 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967525005 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.967550039 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.977741003 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.982161999 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.983041048 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.983052969 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.984105110 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.984379053 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.984558105 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.984671116 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.984747887 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.009129047 CEST51610443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.009143114 CEST4435161034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.015305042 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.015609980 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.016715050 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.016715050 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.016715050 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.017847061 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.017865896 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.018102884 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.018326998 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.018332005 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.028182983 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.039983034 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.039999008 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.054013968 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.054320097 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.054332972 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.054912090 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.055471897 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.055589914 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.055598974 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.055617094 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.082117081 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.082169056 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.082285881 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.082910061 CEST58452443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.082921028 CEST4435845254.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.085774899 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.085807085 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.086175919 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.086213112 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.086478949 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.086487055 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.107026100 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.153158903 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.153497934 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.154036045 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.154036045 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.154036999 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.154829979 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.154926062 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.155109882 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.155308008 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.155355930 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.191267014 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.191390991 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.192236900 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.192250013 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.192600012 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.192615032 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.193027973 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.194204092 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.194251060 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.194257975 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.194339037 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.194377899 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.195194006 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.195452929 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.195564032 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199810982 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199831009 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200058937 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200078011 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200083971 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200277090 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200298071 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200341940 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200465918 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200481892 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200953007 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200973988 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.201134920 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.201257944 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.201270103 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203891993 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203908920 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.204060078 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.204169035 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.204183102 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.217659950 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.217684984 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.218075037 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.218075037 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.218108892 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.232750893 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.233702898 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.234235048 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.234242916 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.234580994 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.235268116 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.235316038 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.235349894 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.240129948 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.240226030 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.240693092 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.241283894 CEST65228443192.168.11.20172.64.155.119
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.241283894 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.241285086 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.241300106 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.241300106 CEST44365228172.64.155.119192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245987892 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.246016026 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.246156931 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.246319056 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.246334076 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264928102 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264950991 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.265081882 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.265222073 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.265242100 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.288908958 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.293102980 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.293750048 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.293761015 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.294487000 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.294857025 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.294965029 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.294976950 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.295047045 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313026905 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313088894 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313153028 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313290119 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313455105 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313457966 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313460112 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313476086 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313689947 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313826084 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313838005 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.313906908 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314030886 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314276934 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314294100 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314502001 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314546108 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314632893 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314666033 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314677000 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.314821959 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315256119 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315335035 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315376043 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315407038 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315412998 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315421104 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315510035 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315665960 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.315674067 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316159010 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316211939 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316318989 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316339016 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316498995 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.316509008 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317148924 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317186117 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317220926 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317323923 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317334890 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317384005 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317394018 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317498922 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.317504883 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318058014 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318156004 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318231106 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318696022 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318696022 CEST57796443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318717957 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318731070 CEST4435779634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.318949938 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.319222927 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.319634914 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.319649935 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.349499941 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.364720106 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.372983932 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.373683929 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.375180960 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.375186920 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.375452995 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.380095959 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.380095959 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.380156994 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.407026052 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.408082008 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.408090115 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.409739017 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.410024881 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.410686970 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.410814047 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.410820961 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.412350893 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.412375927 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.412651062 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413054943 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413182974 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413301945 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413382053 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413456917 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413475990 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413579941 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413579941 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413587093 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413784981 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.413793087 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414117098 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414150953 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414177895 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414197922 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414197922 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414207935 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414226055 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414227009 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414321899 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414412975 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414438009 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414459944 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414465904 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.414990902 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415138960 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415570974 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415570974 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415580034 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415585041 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415668964 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.415862083 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416250944 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416594982 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416649103 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416649103 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416659117 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416744947 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416744947 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416790962 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416831970 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416843891 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416887045 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416985035 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.416990042 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417093992 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417105913 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417407036 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417601109 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417639971 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417648077 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.417794943 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418250084 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418416977 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418472052 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418481112 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418536901 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.418627977 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.426656961 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.426733971 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.427187920 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.428045988 CEST49188443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.428055048 CEST44349188142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.451929092 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.452361107 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.452372074 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.453315973 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.453538895 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.454754114 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.454801083 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.454808950 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.454859972 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.456183910 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457328081 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457330942 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457336903 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457341909 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457360983 CEST64159443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457372904 CEST4436415934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457444906 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.457452059 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.465171099 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.465245962 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.465960979 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.465960979 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.466742992 CEST49254443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.466752052 CEST4434925434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.468911886 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.468930006 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.469054937 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.469252110 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.469259024 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.471848965 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.472949982 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.472959995 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.473864079 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.474461079 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.475100994 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.475198030 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.475203037 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.475219965 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.493072033 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.493211985 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.493388891 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.493922949 CEST64507443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.493937016 CEST4436450754.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.503103018 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.503104925 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.503104925 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.503122091 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.503181934 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.506088972 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.507116079 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.507123947 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.508080959 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.508264065 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.509443045 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.509562016 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.509563923 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.510441065 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.510694981 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.511145115 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.512131929 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.512284994 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.512295961 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.512614965 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513063908 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513211012 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513626099 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513977051 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513977051 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.513988018 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.514250994 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.514424086 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.514540911 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.514969110 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.515149117 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.515414953 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.515414953 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.515424013 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.516247988 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.516482115 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.516494036 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.516695976 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.516863108 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517117977 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517128944 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517282009 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517290115 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517297983 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517402887 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517503977 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517677069 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517689943 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517822027 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.517828941 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518038988 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518053055 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518060923 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518130064 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518170118 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518248081 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518256903 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518387079 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518404961 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518414974 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518510103 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518600941 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518707037 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518718958 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518762112 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.518975973 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.519351006 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.519658089 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.519895077 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520106077 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520113945 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520333052 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520518064 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520714998 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.520912886 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.521194935 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.521732092 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522420883 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522420883 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522432089 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522468090 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522876978 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.522890091 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.523123026 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.523128986 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.523484945 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.524808884 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.524826050 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.525758028 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.525758028 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.525758028 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.525770903 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.526535034 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.526555061 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.526705980 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.526715994 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.527849913 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.527849913 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.527954102 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.527975082 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529206038 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529213905 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530174017 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530193090 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530563116 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530580044 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530708075 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530718088 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530941010 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530941010 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530966997 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.531802893 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.531820059 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.532867908 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.532867908 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.532880068 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.533731937 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.533751965 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.534174919 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.534182072 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.549701929 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.549702883 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.549715042 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.564570904 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.580084085 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.595849991 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.601075888 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.601171970 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.601492882 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.601504087 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.602585077 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604044914 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604130030 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604382992 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604428053 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604604006 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604654074 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604702950 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604752064 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.604824066 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.605609894 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.605623960 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.605868101 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610033989 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610042095 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610285044 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610295057 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610336065 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610383987 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610383987 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610443115 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610460043 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610498905 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610547066 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610634089 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610841990 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610929012 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610940933 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.610991955 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611012936 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611025095 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611031055 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611136913 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611293077 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611309052 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611388922 CEST51310443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.611406088 CEST44351310104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.613508940 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.616908073 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.616956949 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.617172003 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.617187977 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.617499113 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.620168924 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.624067068 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.624239922 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.624310017 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.627293110 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.627984047 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.628032923 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630633116 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630697012 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630769014 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630803108 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630851984 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.630902052 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.631089926 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.631134987 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634035110 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634035110 CEST64511443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634120941 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634149075 CEST4436451134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634239912 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634650946 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634686947 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634763956 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.634861946 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.635076046 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.635273933 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.635323048 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.637974977 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.639050961 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.639100075 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.643943071 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644249916 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644757986 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644821882 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.645071983 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.646291018 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.646408081 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.646704912 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.646883011 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.646923065 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.647766113 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.647789001 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.648025036 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.648083925 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.650382042 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.650626898 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.650681019 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.652796030 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.652848959 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.652861118 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.652987957 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653021097 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653033972 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653058052 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653259993 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653337955 CEST50662443192.168.11.2052.206.50.222
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.653369904 CEST4435066252.206.50.222192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.669203043 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.676737070 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.680855989 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.680876970 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.681446075 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.681493044 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.681502104 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.682707071 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.682713032 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.682786942 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.682790995 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.683331013 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.683341980 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.683522940 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.683569908 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684262991 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684269905 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684331894 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684338093 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684340954 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684386969 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684428930 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.684761047 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685137987 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685137987 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685137987 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685137987 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685137987 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685154915 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685161114 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685168028 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.685880899 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.687068939 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.687076092 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.687354088 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.688290119 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.688481092 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.688538074 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.699558973 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.699563980 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.699623108 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.699670076 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.699717999 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.700088024 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.700099945 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.700992107 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.700997114 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.701103926 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.701215982 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.701318026 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.701325893 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703020096 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703241110 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703435898 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703572989 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703609943 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703686953 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.703779936 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704072952 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704551935 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704619884 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704624891 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704624891 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704624891 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.704628944 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.708885908 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.710441113 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.710562944 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.710669041 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.710680962 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.710848093 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.713762999 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.716738939 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.717120886 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.717133045 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.719532967 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.720536947 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.720546961 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.722074032 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.722089052 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.722621918 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.722788095 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.723174095 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.723181009 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.724126101 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.724134922 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.724776030 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.725018024 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.725028992 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.726967096 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.727583885 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.727600098 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.729631901 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.729867935 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.730235100 CEST63671443192.168.11.20146.75.28.157
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.730246067 CEST44363671146.75.28.157192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.744276047 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.744290113 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.744416952 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.745312929 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.745312929 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.745325089 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.748547077 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773350000 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773354053 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773418903 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773463964 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773534060 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773680925 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773974895 CEST50228443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.773984909 CEST4435022852.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.776494026 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.778258085 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.778270006 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.779416084 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.780252934 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.781152010 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.781265020 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.781410933 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787900925 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787918091 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.788054943 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.788280010 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.788291931 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.794827938 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.797792912 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.797797918 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.797862053 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.797909021 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.798937082 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.798937082 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.798937082 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.798954010 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.799249887 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.799846888 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.800602913 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.800610065 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.801559925 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.802345037 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.803224087 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.803332090 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.803728104 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.803735971 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.818134069 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.818150997 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.818325996 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.818466902 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.818476915 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.824179888 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.825783014 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.825788975 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.825845003 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.825907946 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826041937 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826041937 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826056004 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826121092 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826668024 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.826678991 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.840435028 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.841173887 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.841182947 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.841670036 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.842148066 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.842257023 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.842313051 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.848911047 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.848929882 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.849337101 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.849353075 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.849874973 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.850281954 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.850296974 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.850296974 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.850298882 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.850318909 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852451086 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852477074 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852642059 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852642059 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852652073 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852690935 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852690935 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.852931976 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.856887102 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.858081102 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.858093023 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.859072924 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.859416962 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.859464884 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.860229015 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.860533953 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.861763000 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.861769915 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.861897945 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.861897945 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.861948967 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.862040997 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.862124920 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.863490105 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.863564014 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.863569975 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.874476910 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.878864050 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.878885984 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.879044056 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.879189014 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.879196882 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.879419088 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.884217978 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.888012886 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.888330936 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.888344049 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.888886929 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889367104 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889475107 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.890461922 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.890688896 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.890758038 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.890774965 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.891721964 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.891721964 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.891742945 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906546116 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906558990 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906708956 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906708956 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906723976 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906852961 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906852961 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906852961 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906866074 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.906965017 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.907897949 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.907907963 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.911391020 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.911396980 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.911411047 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912045956 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912094116 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912102938 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912233114 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912242889 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.912589073 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.914592981 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.914824009 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918051004 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918124914 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918373108 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918471098 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918564081 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918574095 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918757915 CEST53445443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918757915 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918757915 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.918772936 CEST4435344534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.920800924 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.921278954 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.921294928 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.921713114 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.922133923 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.922133923 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.922163010 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.923103094 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.924151897 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.926470995 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.928215027 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.928225040 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.928925037 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.929342031 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.929670095 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.931310892 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.931310892 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.931404114 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.931544065 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.932180882 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934392929 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934398890 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934500933 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934529066 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934529066 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934720993 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934720993 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934731960 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.934817076 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949335098 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949350119 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949944973 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949944973 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949961901 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.949965000 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.960607052 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.960622072 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.960892916 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.960905075 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.961266041 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.972179890 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974011898 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974029064 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974201918 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974201918 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974263906 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974263906 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974270105 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.974313021 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.975910902 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.976218939 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.976227999 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.976376057 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.980746984 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.980757952 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.985179901 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.985258102 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.985510111 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.985517025 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.985883951 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.989834070 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.991010904 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.991023064 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.992196083 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.992568970 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.995318890 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.995389938 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.995398998 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996509075 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996509075 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996522903 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996627092 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996627092 CEST54791443192.168.11.2018.160.41.112
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996639967 CEST4435479118.160.41.112192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996671915 CEST60099443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996682882 CEST4436009931.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996723890 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996728897 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.996752977 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.014691114 CEST53554443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.014705896 CEST4435355469.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.020653009 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.021892071 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.021903992 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.022841930 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.023859978 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.023859978 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.023940086 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.023946047 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.024019957 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.024027109 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.027221918 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.043468952 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.043483019 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.068770885 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.068846941 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.069003105 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.070585012 CEST56112443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.070596933 CEST4435611263.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.071100950 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.071115971 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.071995020 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.072010994 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.072149038 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.072285891 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.072294950 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.073431015 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.073508978 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.073858976 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.075155973 CEST64512443192.168.11.20142.251.167.155
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.075166941 CEST44364512142.251.167.155192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.087321043 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.089732885 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.089806080 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.089997053 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.090362072 CEST60389443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.090370893 CEST4436038954.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.092351913 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.092437029 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.093568087 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.093568087 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.093715906 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.094297886 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.094690084 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.094934940 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.095009089 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.095010042 CEST54376443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.095068932 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.095099926 CEST4435437634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.106384039 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.106666088 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.106910944 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107156038 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107343912 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107389927 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107532024 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107712030 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107867002 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107870102 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.107903957 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108201981 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108236074 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108274937 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108666897 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108741999 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108783007 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.108824968 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109075069 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109285116 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109302044 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109337091 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109572887 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109615088 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.109879017 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110088110 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110116959 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110169888 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110351086 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110392094 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110595942 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110780954 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110810041 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.110843897 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111089945 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111135006 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111342907 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111510038 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111552000 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111586094 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111795902 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.111843109 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112086058 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112251043 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112303972 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112498999 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112685919 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.112881899 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113075018 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113261938 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113425016 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113543034 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113543034 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113543034 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113606930 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.113862038 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114037037 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114058971 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114105940 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114204884 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114394903 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.114445925 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.116281986 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.125163078 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.125329018 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.125986099 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.125986099 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127501011 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127598047 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127634048 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127778053 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127784014 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127803087 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127901077 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.127923012 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.130086899 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.130343914 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.130918980 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131158113 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131242990 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131258965 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131314039 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131329060 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.131351948 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.133671045 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.134047031 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.135551929 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.135963917 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.137851954 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.137976885 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.138169050 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.138181925 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.138386011 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.139333963 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.139343023 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.139525890 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.139734030 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.139751911 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140539885 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140603065 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140661001 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140676022 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140769958 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.140779018 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.141024113 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.149137020 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.149158955 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.149280071 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.150525093 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.150535107 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.163254023 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.176850080 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.176862001 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.176904917 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.176917076 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.183487892 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.183574915 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.183859110 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.183880091 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184106112 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184262037 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184295893 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184319973 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184324980 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184324980 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184349060 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184537888 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.184683084 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.193065882 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.193125010 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199229002 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199336052 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199357986 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199441910 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199489117 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199511051 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199588060 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199722052 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.199930906 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.208301067 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.208648920 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.208684921 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.208967924 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.212308884 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.212853909 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.213474035 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214026928 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214049101 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214076042 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214241982 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214472055 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214660883 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.214828014 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215022087 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215049982 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215154886 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215176105 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215390921 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215401888 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215575933 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215698957 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215893030 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215893030 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215929985 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.215997934 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216291904 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216295004 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216315985 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216320992 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216517925 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216519117 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216638088 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216891050 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216890097 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.216917992 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.217228889 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.217525005 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.217721939 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.218142033 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.218324900 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.218344927 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.218530893 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.221613884 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.221704960 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.223826885 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.223947048 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.224397898 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.224397898 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.226099968 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.226136923 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.227143049 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.227143049 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.227185011 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.227188110 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.228445053 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.228460073 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.230158091 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.231311083 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.231502056 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.231645107 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.231687069 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.238097906 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.272622108 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.272649050 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.277708054 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.278352976 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.278367996 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.279002905 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.279489040 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.279617071 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.279686928 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.279727936 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.296084881 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.296104908 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.296339035 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.296354055 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.296611071 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.305520058 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.305941105 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.306401968 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.306411028 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.307167053 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.307229996 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.307363033 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.307369947 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.307682991 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.309886932 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.310091972 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311081886 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311081886 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311083078 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311095953 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311750889 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311897039 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311964989 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.311973095 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.312213898 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.312479973 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.312621117 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.313189030 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.313189030 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.313410997 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.313575029 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.313575029 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.315211058 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.315236092 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.315617085 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.315625906 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.316747904 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.316818953 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.322129965 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.322144985 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.323045969 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.323045969 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.323064089 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.329720020 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330013990 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330033064 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330234051 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330293894 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330306053 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330614090 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330626965 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.330872059 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.331206083 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.331285954 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.331312895 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.331360102 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.333180904 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.333195925 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.333765984 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.333775043 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.334311008 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.334935904 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.335203886 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.335210085 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.335634947 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336353064 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336448908 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336452961 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336731911 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336829901 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.336997032 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.337421894 CEST52394443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.337430954 CEST4435239464.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364003897 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364121914 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364166021 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364274025 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364398956 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.364590883 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.365142107 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.365142107 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.365154028 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.365523100 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.365993023 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366252899 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366307974 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366713047 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366817951 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366817951 CEST50675443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366827965 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.366831064 CEST4435067534.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.367665052 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.367748022 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.368769884 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.370740891 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.371550083 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.372113943 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.372119904 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.372337103 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.373806000 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.373806953 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.373821974 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.380485058 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.380491972 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.380567074 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.387496948 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.387510061 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.387912989 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.387921095 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.388158083 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.389785051 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.389834881 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.389988899 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.390250921 CEST56586443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.390259981 CEST44356586104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.392121077 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.392138004 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.393156052 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.393330097 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.393340111 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.402018070 CEST50670443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.402029991 CEST4435067035.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.402199984 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.402215958 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403101921 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403101921 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403110027 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403117895 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403652906 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403652906 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403805017 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.403814077 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.416167974 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.416323900 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.416518927 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.416575909 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.417646885 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.430773973 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.430840015 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.430985928 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.431016922 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.431116104 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.431164980 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.436683893 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.437719107 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.437740088 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.438801050 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.440118074 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.440118074 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.440344095 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.441854000 CEST62680443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.441875935 CEST4436268069.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.444993973 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.445019960 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.446242094 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.446259022 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.447299004 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.456703901 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.456720114 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.456877947 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.456969023 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.456978083 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.458064079 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.467597961 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.467611074 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.467838049 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.468135118 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.468141079 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.468370914 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.473206043 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.473225117 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.473397017 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.473484039 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.473490953 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.489113092 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.489478111 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.489550114 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.489558935 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.489641905 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490593910 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490595102 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490608931 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490786076 CEST61250443192.168.11.2063.140.39.93
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490806103 CEST4436125063.140.39.93192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.490808964 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496386051 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496458054 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496469021 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496877909 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496948957 CEST60704443192.168.11.2099.84.191.43
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.496963024 CEST4436070499.84.191.43192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.525692940 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.526135921 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.526146889 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.526652098 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.527013063 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.527084112 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.527122021 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.528894901 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.528983116 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.529145956 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.529483080 CEST51096443192.168.11.2069.147.92.12
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.529491901 CEST4435109669.147.92.12192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.532358885 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.532597065 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.532608032 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.532784939 CEST56160443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.532794952 CEST4435616052.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533040047 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533474922 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533590078 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533643007 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533658981 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533763885 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533780098 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533781052 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533781052 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533909082 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533910036 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.533915997 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534002066 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534019947 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534394026 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534451962 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534579992 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534840107 CEST59520443192.168.11.2054.146.244.228
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.534849882 CEST4435952054.146.244.228192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.544675112 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.544863939 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.544874907 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.544893980 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.544964075 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545044899 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545057058 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545110941 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545233011 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545233011 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545247078 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545306921 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545409918 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545420885 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545497894 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545564890 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545613050 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545622110 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545761108 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545772076 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545809031 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545857906 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545867920 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545917034 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.545917034 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546032906 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546044111 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546052933 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546189070 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546200037 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546226978 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546237946 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546287060 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546298027 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546384096 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546395063 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546482086 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546487093 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.546530962 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.576181889 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.577745914 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.588812113 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.588948011 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.588958025 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.589119911 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.615679979 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.615750074 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.616267920 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.616398096 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.616398096 CEST51097443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.616410017 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.616415024 CEST4435109734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.621912003 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.622302055 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.622313023 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.622673988 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.623138905 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.623225927 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.623234987 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.623241901 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.624669075 CEST54375443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.624696016 CEST44354375104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.635159969 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.635288954 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.635536909 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.635850906 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636044025 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636044025 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636055946 CEST4435608452.85.132.115192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636065960 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636079073 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636387110 CEST56084443192.168.11.2052.85.132.115
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.636724949 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.637099981 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.637213945 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.637229919 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.669970036 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.680182934 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.684875965 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.724875927 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.724968910 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725020885 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725066900 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725078106 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725259066 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725272894 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725284100 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725383997 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725394011 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725431919 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725436926 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725552082 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725552082 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725593090 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725610971 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725650072 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725656033 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725737095 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725744009 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.725894928 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726142883 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726340055 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726489067 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726790905 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726790905 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726799965 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726874113 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726916075 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726916075 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726916075 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.726922989 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727066994 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727186918 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727186918 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727186918 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727195024 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727199078 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727386951 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727387905 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727400064 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727612972 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727653027 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727792978 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727792978 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727802992 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.727904081 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.728152037 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.728358984 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.728558064 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.728564024 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.728925943 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.735691071 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.736726046 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.736735106 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.737252951 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.737565994 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738406897 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738406897 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738418102 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738452911 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738459110 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738514900 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.738974094 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.739336967 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.739392042 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.739397049 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.739433050 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.768712997 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.768956900 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.769495964 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.769496918 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.769506931 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.783771038 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.783817053 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.783863068 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.783914089 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.783961058 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784075975 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784183979 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784194946 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784374952 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784374952 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784384966 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784573078 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784621000 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784698009 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784815073 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.784822941 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785056114 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785320997 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785362005 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785397053 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785429955 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.785584927 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786052942 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786052942 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786052942 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786061049 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786226034 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786267042 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786333084 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786425114 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786514997 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786521912 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.786900043 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787080050 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787230015 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787271023 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787312984 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787360907 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.787391901 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788024902 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788084984 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788093090 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788208961 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788245916 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788330078 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788386106 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788605928 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788765907 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788772106 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.788959026 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789091110 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789161921 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789300919 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789446115 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789453030 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.789638042 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.790725946 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.791871071 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792020082 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792316914 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792515039 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792716026 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792898893 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792911053 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.792979002 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793097019 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793255091 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793453932 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793597937 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793656111 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793773890 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.793937922 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.794255018 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.794325113 CEST54614443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.794389963 CEST44354614104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.799141884 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.799243927 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.799928904 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.800661087 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.800725937 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.820591927 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.836487055 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.879225969 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.879400015 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.879726887 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.879900932 CEST57381443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.879924059 CEST4435738135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.881757021 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.881803036 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882014036 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882189035 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882210970 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882625103 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882637978 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.882910967 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.883544922 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.883692026 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.883965969 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.883965969 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.883999109 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884051085 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884120941 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884324074 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884361982 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884382963 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.884730101 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.885123014 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.885327101 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.885504007 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886044025 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886277914 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886297941 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886514902 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886614084 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.886883020 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887042046 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887510061 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887526989 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887765884 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887866974 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.887914896 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888264894 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888396978 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888556957 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888798952 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888798952 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888818979 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.888847113 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.889446974 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.889750957 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.895483971 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.895678997 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.897804022 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.897826910 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.898730993 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.899595022 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.899595976 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.899637938 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.899676085 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905047894 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905246973 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905380011 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905571938 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905679941 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.905770063 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906109095 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906387091 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906418085 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906440973 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906456947 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906456947 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906546116 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906666040 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906701088 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906701088 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906729937 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906779051 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906816959 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906896114 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906959057 CEST57706443192.168.11.2020.50.2.53
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.906989098 CEST4435770620.50.2.53192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.981220961 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.981386900 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.981913090 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.982115030 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.982244015 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.982877016 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.983078957 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.983120918 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.983372927 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.983395100 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.983561039 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.984483957 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.984862089 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.985229015 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.985416889 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.985433102 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.985817909 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.986041069 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.986041069 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.986628056 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.986644983 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.986895084 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.987251043 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.987786055 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.987786055 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.987799883 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.987890005 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988074064 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988241911 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988241911 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988645077 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988740921 CEST65510443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.988763094 CEST44365510104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990165949 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990335941 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990398884 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990487099 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990505934 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.990833044 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991099119 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991198063 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991326094 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991672993 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991694927 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991694927 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991694927 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991722107 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991869926 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991875887 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.991887093 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992082119 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992146015 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992202044 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992217064 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992413044 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992494106 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992564917 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992580891 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992608070 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992830038 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992918968 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992919922 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992937088 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.992944956 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993046999 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993110895 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993124008 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993226051 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993307114 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993371010 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993385077 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993397951 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993500948 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993617058 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993626118 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993813038 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.993877888 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994111061 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994242907 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994384050 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994481087 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994669914 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.994775057 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995136976 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995193958 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995193958 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995213032 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995284081 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995358944 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995460987 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995743036 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995846987 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995909929 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995909929 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.995959044 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.996722937 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.996723890 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.996818066 CEST56714443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.996833086 CEST44356714104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.997386932 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.997636080 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.997698069 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998347044 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998490095 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998575926 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998591900 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998714924 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.998867035 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999138117 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999181032 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999227047 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999444008 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999475956 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999475956 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999500036 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999623060 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999799967 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999799967 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999815941 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.999839067 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.000041962 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.000833988 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.001017094 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.002968073 CEST53131443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.002983093 CEST44353131104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.009468079 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.009989977 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.010011911 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.010699987 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.011351109 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.011553049 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.012496948 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.012505054 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.012532949 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.012547016 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.012567997 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.013752937 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.013825893 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.013854027 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.013874054 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.013997078 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.014018059 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.017400980 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.017431021 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.017611980 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.017745972 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.017771006 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.031219006 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.031259060 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.032390118 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.032390118 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.032438040 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.056188107 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.069916964 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.069917917 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.069952011 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.070270061 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.070466995 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.070482969 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.099946022 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.100989103 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.101005077 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.101807117 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.103015900 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.103015900 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.103039026 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.103149891 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.112225056 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.116017103 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.116044044 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.116569042 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.116677046 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.116693020 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.126621962 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.126652956 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.127568007 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.127753973 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.127773046 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.132044077 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.132067919 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.132452965 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.132452965 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.132482052 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.143654108 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.162044048 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.162071943 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.162198067 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.163204908 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.163206100 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218106031 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218185902 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218503952 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218518972 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218594074 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.218611002 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219305038 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219307899 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219681978 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219841003 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219861984 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219930887 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.219934940 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.220029116 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.220762014 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.221484900 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.221497059 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.222187042 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.222659111 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.222726107 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.222737074 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.222776890 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.257663012 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.257736921 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.257814884 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.257869005 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.257905006 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.258141994 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.258328915 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.258465052 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.258750916 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.258750916 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.259527922 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.259527922 CEST60389443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.259568930 CEST44360389104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.260186911 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.266892910 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.266896009 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.266896009 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.276319027 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.277376890 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.277388096 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.279222012 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.280680895 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.280730009 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.280865908 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.280937910 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.297254086 CEST51987443192.168.11.20104.244.42.133
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.297275066 CEST44351987104.244.42.133192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.324184895 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.327203989 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.327217102 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.338732958 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.338812113 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.339792013 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.340163946 CEST63911443192.168.11.2035.244.154.8
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.340192080 CEST4436391135.244.154.8192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.346400976 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.347460985 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.348602057 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.348618031 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.349062920 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.349296093 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.349559069 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.350507021 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.350529909 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.350837946 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.350846052 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.351049900 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.351049900 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.351145029 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.351361990 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.351936102 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.352689981 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.352736950 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.352746964 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.352814913 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.352843046 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.353224039 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.353318930 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.353355885 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.374314070 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.393522978 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.393829107 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.394108057 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.394195080 CEST56390443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.394251108 CEST44356390104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396158934 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396219015 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396265030 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396660089 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396835089 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.396883965 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.403964996 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.403990030 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.404019117 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.448704958 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.448726892 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.448888063 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.449960947 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.450045109 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.450066090 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.451286077 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.451803923 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.451812983 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.451934099 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.451946974 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.460040092 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.460097075 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.460222006 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.460889101 CEST63098443192.168.11.2064.202.112.95
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.460899115 CEST4436309864.202.112.95192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.465668917 CEST57384443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.465687037 CEST4435738440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469198942 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469333887 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469525099 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469582081 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469660044 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469674110 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469775915 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.469981909 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470007896 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470127106 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470135927 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470216990 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470267057 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470297098 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470304966 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470347881 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470442057 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470634937 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470701933 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.470931053 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471033096 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471040964 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471062899 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471220016 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471329927 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471365929 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471407890 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471421003 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471524000 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471602917 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471611023 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471628904 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471869946 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471880913 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.471910000 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472100019 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472222090 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472306013 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472348928 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472451925 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472590923 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472651958 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.472832918 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473018885 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473021984 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473036051 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473048925 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473064899 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473107100 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473107100 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473117113 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473184109 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473243952 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473294020 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473432064 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473550081 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473679066 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473686934 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473769903 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473831892 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.473946095 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474031925 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474144936 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474154949 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474327087 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474334955 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474591017 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474771023 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474780083 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474792957 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.474956989 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475064993 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475121021 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475135088 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475195885 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475208044 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475208044 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475313902 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475322962 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475399971 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475414038 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475430965 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475554943 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475568056 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475799084 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.475918055 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476089001 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476098061 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476459026 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476530075 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476655006 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.476742983 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477298021 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477380991 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477380991 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477391005 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477473974 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477474928 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.477811098 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.479681015 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.479801893 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.479865074 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.479876995 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.480070114 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.486279964 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.486404896 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.486432076 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.486443996 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.486594915 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.493165970 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.493335009 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.499095917 CEST60616443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.499110937 CEST44360616104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.500096083 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.500165939 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.500252008 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.500262976 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.500402927 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.538213968 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.538269997 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.538326025 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.538389921 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.538536072 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.544207096 CEST56362443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.544219017 CEST44356362104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.545792103 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.545810938 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.546175957 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.546355009 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.546365976 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.573543072 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.573654890 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.573745012 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.573759079 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.573920965 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575345993 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575386047 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575433969 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575562954 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575828075 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575828075 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575896978 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.575973988 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.576011896 CEST65207443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.576029062 CEST4436520734.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.576410055 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.576946020 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577066898 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577244997 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577244997 CEST65208443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577259064 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577263117 CEST4436520834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577383041 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577395916 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577569008 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.577590942 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.578068018 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.578279018 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.578289032 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.583971024 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.584374905 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.584388018 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.590914965 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.591049910 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.591881037 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.591896057 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.592267036 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.597976923 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.598047018 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.598896980 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.598913908 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.599922895 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.602715969 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.602735043 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.602981091 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.603100061 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.603108883 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.604857922 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.605429888 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.611624002 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.611710072 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.612673998 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.612687111 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.613122940 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.618607044 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.618922949 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.618936062 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.624793053 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.625030994 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.625044107 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.631089926 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.631242037 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.631242990 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.631256104 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.631422997 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.637490988 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.637562037 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.638202906 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.638216972 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.638514042 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.643640995 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.643877983 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.644042015 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.644367933 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.644381046 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.645036936 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.645420074 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.645483017 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.645494938 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.645555019 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.647003889 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.647340059 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.647392035 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.653270006 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.653315067 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.654423952 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.654441118 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.655450106 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.672316074 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.672741890 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.674659014 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.674787998 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.674909115 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.674921036 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.675076962 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.675158024 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.675489902 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.675502062 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.676908970 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.677687883 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.678581953 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.678581953 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.678596973 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.678688049 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.679692984 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.679745913 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.679871082 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.679883003 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.680243969 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.684396982 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.685318947 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.686029911 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.686564922 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.686578035 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.687726974 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.688214064 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.688833952 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689003944 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689065933 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689080954 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689201117 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689201117 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689273119 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689279079 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.689287901 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.693401098 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.693502903 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.694441080 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.694453955 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.695094109 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.698164940 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.698411942 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.698421955 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.699682951 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.702548981 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.702639103 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.703150988 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.703164101 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.703319073 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.707248926 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.707459927 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.711925983 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.712068081 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.712213993 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.712213993 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.712986946 CEST50744443192.168.11.2031.13.66.19
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.713002920 CEST4435074431.13.66.19192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.725864887 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.726877928 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.726890087 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.727458000 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.727786064 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.728213072 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.728395939 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.729371071 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.729480028 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.729547024 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.729573965 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.731414080 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.731414080 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.731430054 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.731436014 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.749394894 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.749824047 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.749835014 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.750459909 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.750823021 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.750927925 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.751008034 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779397011 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779397011 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779417038 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779428959 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779448032 CEST57878443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.779459953 CEST44357878104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.791076899 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.792140961 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.792181969 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.792742968 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.792752981 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.793024063 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.794696093 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.794883013 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.794938087 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.795414925 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.822175026 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.822390079 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.822412014 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.822946072 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.822958946 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823031902 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823041916 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823138952 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823138952 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823177099 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823506117 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823596001 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823606014 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.823712111 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.824157000 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.824249983 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.824263096 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.827328920 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.868190050 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.872253895 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.901644945 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.901801109 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.902054071 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.902307034 CEST64490443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.902318001 CEST44364490142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.930957079 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.931022882 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.931258917 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.931427956 CEST52760443192.168.11.20104.244.42.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.931444883 CEST44352760104.244.42.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.000370026 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.000422001 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.000464916 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.000516891 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.000713110 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.001096010 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.002051115 CEST64770443192.168.11.20104.19.178.52
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.002063990 CEST44364770104.19.178.52192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.008836985 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.008902073 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.009196043 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.009377003 CEST56729443192.168.11.20142.251.167.102
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.009393930 CEST44356729142.251.167.102192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021215916 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021294117 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021543980 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021651030 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021651030 CEST64772443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021671057 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.021677971 CEST4436477234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.022572994 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.022593021 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.022742033 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.022912025 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.022921085 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.025353909 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.026367903 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.026379108 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.027755976 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.028846025 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.029778004 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.029778004 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.029791117 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.029913902 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.047281981 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.048599958 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.048610926 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.049199104 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.050262928 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.050348043 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.050457954 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.053584099 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.053642988 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.053824902 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.054253101 CEST57465443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.054265976 CEST4435746534.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.056788921 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.056812048 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.057173967 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.057301998 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.057313919 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064491034 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064512014 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064516068 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064557076 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064562082 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064605951 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064798117 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064812899 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.064977884 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065140009 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065145016 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065197945 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065269947 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065275908 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065280914 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.065466881 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.066664934 CEST58429443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.066675901 CEST4435842952.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.073224068 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.073251009 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.073441029 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.073550940 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.073559999 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.076551914 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.076562881 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.091617107 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.091629028 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.122582912 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.222465992 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.222539902 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.223723888 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.224107027 CEST59016443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.224117994 CEST44359016157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.225193977 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.225214958 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.226253033 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.226588011 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.226602077 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.236911058 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.237878084 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.238914013 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.238922119 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.239228010 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.274158955 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.274451971 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.274621964 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.274836063 CEST53861443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.274893045 CEST44353861142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.275837898 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.275914907 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276000977 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276066065 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276097059 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276205063 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276247978 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276247978 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276361942 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.276413918 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.280072927 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.280607939 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.280661106 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.282572985 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.282941103 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.283046007 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.283098936 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.283579111 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.292071104 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.297298908 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.297729969 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.297790051 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.337023973 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.433723927 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.434251070 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.434308052 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.435946941 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.436347961 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.436403036 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.436438084 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.436654091 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.442372084 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.442681074 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.442704916 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.443528891 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.443923950 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.444016933 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.444026947 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.444123983 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467077017 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467154980 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467386961 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467648029 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467648029 CEST65397443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467659950 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.467664003 CEST4436539734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.482392073 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.492568970 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.497641087 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.497716904 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.498173952 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.498235941 CEST60121443192.168.11.2034.96.102.137
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.498246908 CEST4436012134.96.102.137192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.503343105 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.504507065 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.504534960 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.505189896 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.505423069 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506345987 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506357908 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506413937 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506541014 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506613016 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.506839991 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.507556915 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.507607937 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.507617950 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.507630110 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.511274099 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.511307955 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.512262106 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.512262106 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.512285948 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.548197031 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.555372000 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.555372953 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.629656076 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.629848957 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.630537987 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.630867004 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.630867004 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.630908012 CEST44349577157.240.229.35192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.631381035 CEST49577443192.168.11.20157.240.229.35
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.732687950 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.733170986 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.734488010 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.734592915 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.734734058 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.734745026 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735018969 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735598087 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735598087 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735678911 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735795975 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.735805035 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.747523069 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.747613907 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.748397112 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.748397112 CEST49260443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.748416901 CEST44349260142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.750194073 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.750225067 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.750442028 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.750583887 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.750593901 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.808593035 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.808676958 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.808851004 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.809436083 CEST49677443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.809448004 CEST4434967752.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.812360048 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.812378883 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.813086987 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.813134909 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.813143969 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.967845917 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968033075 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968157053 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968209982 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968209982 CEST55444443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968225956 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.968233109 CEST4435544434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.974157095 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.975410938 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.975421906 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.975877047 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.976450920 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.976484060 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.976492882 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.976536989 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.020365953 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.035409927 CEST63463443192.168.11.20142.251.16.156
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.035478115 CEST44363463142.251.16.156192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.178744078 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.178765059 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.180092096 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.180113077 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.180121899 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.185972929 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.186317921 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.186330080 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.186681986 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.188009024 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.188055992 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.188060999 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.188092947 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.216284037 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.216362953 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.216809034 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.216919899 CEST54861443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.216932058 CEST44354861142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.238030910 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.394407988 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.395663977 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.396421909 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.396430969 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.396657944 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.444469929 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.533099890 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.533118963 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.534284115 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.534405947 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.534418106 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.541130066 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.541233063 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.541250944 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.557087898 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.557146072 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.557430983 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.558626890 CEST62498443192.168.11.2052.51.126.101
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.558636904 CEST4436249852.51.126.101192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.767616987 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.767751932 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769011974 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769011974 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769012928 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769187927 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769208908 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769515038 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769673109 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.769682884 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.943039894 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.943523884 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.945205927 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.945215940 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.945434093 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946144104 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946207047 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946233988 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946235895 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946244001 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.946307898 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.983658075 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.983922005 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.984848976 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.984862089 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.985136032 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.988219023 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.003206968 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.003206968 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.003241062 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.077873945 CEST49239443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.077893019 CEST4434923934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.209104061 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.209119081 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.209173918 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.210226059 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.210459948 CEST64146443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.210477114 CEST4436414640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.214999914 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215082884 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215411901 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215600014 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215600014 CEST52656443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215615034 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.215621948 CEST4435265634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.898509026 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.898551941 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.898675919 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.898886919 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:45.898907900 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.116635084 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.116929054 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.118390083 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.118408918 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.118783951 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.119483948 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.119668961 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.119683981 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.348875046 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.348963976 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.349107027 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.349432945 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.349432945 CEST55223443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.349443913 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.349448919 CEST4435522334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.406169891 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.406200886 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.406619072 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.407218933 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.407233000 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.621941090 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.622765064 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.623086929 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.623092890 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.623295069 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.623955011 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.624053001 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.624058008 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.853156090 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.853291035 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.854310036 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.854681015 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.854681015 CEST55224443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.854690075 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:46.854693890 CEST4435522434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.126430988 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.126461029 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.126597881 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.126781940 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.126791000 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.228027105 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.228049040 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.228872061 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.229149103 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.229156017 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.340702057 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.340950966 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.454739094 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.454752922 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.455004930 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.455542088 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.455542088 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.496289015 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587209940 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587295055 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587379932 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587469101 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587469101 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587486029 CEST4435522534.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.587723017 CEST55225443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.645663023 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.645978928 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.647425890 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.647433043 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.647701025 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648252964 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648252964 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648271084 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648308992 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648350954 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.648375988 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.912020922 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.912040949 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.912115097 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.912421942 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.913530111 CEST55226443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.913541079 CEST4435522640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:49.918056965 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:49.918078899 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:49.918315887 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:49.918500900 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:49.918509960 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.191030979 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.191102028 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.191957951 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.343898058 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.344774008 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.346028090 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.346035004 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.346324921 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.347320080 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.347372055 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.347383976 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.347418070 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.347469091 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.619735956 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.619767904 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.619842052 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.619965076 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.621289968 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.621289968 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.930881023 CEST55227443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.930906057 CEST4435522740.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:51.463270903 CEST49253443192.168.11.20142.251.16.105
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:51.463308096 CEST44349253142.251.16.105192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:52.820590973 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:52.820612907 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:52.820827961 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:52.821011066 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:52.821022034 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.244527102 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.244720936 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.246177912 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.246184111 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.246646881 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.247940063 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.247940063 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.247956991 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.247967958 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.513895035 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.513917923 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.514029026 CEST4435522840.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.514549971 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.514549971 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:53.514549971 CEST55228443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.532233953 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.532258034 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.532407045 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.532572985 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.532579899 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.947021008 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.947869062 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.948690891 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.948710918 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949105024 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949687004 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949687004 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949714899 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949740887 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949762106 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:55.949809074 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.215713024 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.215753078 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.215893984 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.216713905 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.216864109 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.217245102 CEST55229443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:56.217263937 CEST4435522940.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.227977991 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.228003025 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.228316069 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.228499889 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.228507042 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.642659903 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.642879963 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644155025 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644161940 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644469023 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644860983 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644912004 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644932985 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644965887 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.644982100 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912281036 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912296057 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912370920 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912480116 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912659883 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912827015 CEST55230443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.912837029 CEST4435523040.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.682714939 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.682734966 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.682871103 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.682965994 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.682971954 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.173261881 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.173779011 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184134960 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184144020 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184421062 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184900999 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184900999 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184950113 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.184963942 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539422035 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539454937 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539560080 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539585114 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539597988 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539602995 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539671898 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539848089 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539848089 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.539848089 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.848938942 CEST55231443192.168.11.2020.190.190.195
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:00.848953962 CEST4435523120.190.190.195192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.834265947 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.834287882 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.834455967 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.836100101 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.836110115 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.049546957 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.049818039 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.050709963 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.050719976 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.050903082 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.076210976 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.076705933 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.076757908 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.280867100 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.280946016 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.281122923 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.281269073 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.281269073 CEST55232443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.281284094 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.281306028 CEST4435523234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.283548117 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.283565998 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.283737898 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.283922911 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.283931971 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.513216972 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.513468981 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.514432907 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.514486074 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.516249895 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.516942024 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.517036915 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.517290115 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.523739100 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.523858070 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.524097919 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.524627924 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.524697065 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.737808943 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738188982 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738322020 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738384962 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738384962 CEST55234443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738415956 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.738428116 CEST4435523434.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.740410089 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.740444899 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.740611076 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.740794897 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.740823030 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.750401974 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.750577927 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.751647949 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.751665115 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.752120018 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.752780914 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.753042936 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.753066063 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.753109932 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.753140926 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.796226025 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.961456060 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.961719990 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.962657928 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.962677002 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.963264942 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.963879108 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.963949919 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.963972092 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.974668026 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.974782944 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.974831104 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.974924088 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.974944115 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.975173950 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.975191116 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.982811928 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.983023882 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.983042955 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.990339994 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.990365982 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.990595102 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.990613937 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.990765095 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.997626066 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.004658937 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.004946947 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.004964113 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.056068897 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.078764915 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.082160950 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.082288980 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.082422018 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.082434893 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.082783937 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.089322090 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.089510918 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.089766979 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.089778900 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.096638918 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.096786022 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.096798897 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.104080915 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.104142904 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.104352951 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.104366064 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.104610920 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.111157894 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.118480921 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.118571997 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.118856907 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.118870020 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.119036913 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.125724077 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.125845909 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.126106024 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.126118898 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.132704020 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.132932901 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.132946014 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.139286995 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.139370918 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.139568090 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.139580965 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.139807940 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.146004915 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.152501106 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.152601957 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.152714014 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.152726889 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.153055906 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.159118891 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.165893078 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.166011095 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.166275024 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.166301012 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.166655064 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.182554960 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.185494900 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.185583115 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.185724974 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.185736895 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.185949087 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.190462112 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192115068 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192200899 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192389011 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192442894 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192442894 CEST55236443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192452908 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.192456961 CEST4435523634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.195039034 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.195074081 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.195420027 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.195432901 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.195780039 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.199724913 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.204480886 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.204596043 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.204744101 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.204758883 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.204914093 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.209245920 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.214546919 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.214740038 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.214751959 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.219540119 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.219592094 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.219774008 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.219785929 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.220058918 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.223449945 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.228044033 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.228319883 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.228332043 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.230535030 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.230674982 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.230686903 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.235235929 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.235378027 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.235389948 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.239944935 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.240150928 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.240164042 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.244697094 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.244843006 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.244854927 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.249317884 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.249556065 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.249567986 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.254077911 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.254108906 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.254219055 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.254230976 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.254416943 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.258616924 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.263240099 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.263362885 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.263603926 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.263617039 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.263828039 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.267775059 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.272069931 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.272171021 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.272368908 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.272382021 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.272728920 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.276319981 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.280677080 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.280805111 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.280889988 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.280901909 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.281059027 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.284617901 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.286571026 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.286865950 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.286878109 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.290568113 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.290816069 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.290828943 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.294672012 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.294898033 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.294909000 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.298830986 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.298970938 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.298984051 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.301232100 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.301439047 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.301451921 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.303668022 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.303874969 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.303886890 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.306276083 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.306418896 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.306431055 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.308852911 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.309060097 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.309072018 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.311053991 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.311291933 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.311321020 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.313484907 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.313533068 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.313724041 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.313735962 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.314011097 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.315608978 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.317961931 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318077087 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318124056 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318207026 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318218946 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318362951 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318362951 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318581104 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318581104 CEST55235443192.168.11.2034.149.202.126
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318592072 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:09.318597078 CEST4435523534.149.202.126192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.549809933 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.549846888 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.550013065 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.550228119 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.550251961 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.773880005 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.774175882 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.775090933 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.775124073 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.775804996 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.776396036 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.776503086 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:23.776540995 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003511906 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003598928 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003762960 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003909111 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003909111 CEST55242443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003932953 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.003941059 CEST4435524234.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.641298056 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.641319990 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.641493082 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.641686916 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.641697884 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.861299992 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.861505032 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.862395048 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.862404108 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.862605095 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.863321066 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.863390923 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:37.863400936 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.097834110 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.097909927 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.098099947 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.098213911 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.098213911 CEST64738443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.098227978 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:38.098232031 CEST4436473834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129256964 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129276991 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129369020 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129384041 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129420042 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129532099 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129628897 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129638910 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129681110 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.129690886 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.350627899 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.351010084 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.351022959 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.351530075 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.352019072 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.352104902 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.353127956 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.353399992 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.353405952 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.353890896 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.354330063 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.354440928 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.403230906 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.403237104 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127075911 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127099991 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127104044 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127119064 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127290964 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127314091 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127679110 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127688885 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127720118 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127733946 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.342358112 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.342506886 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.342506886 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.344141960 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.344153881 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.344496965 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.344795942 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.345170021 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.347870111 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.348149061 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.349828005 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.349843025 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.350187063 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.350346088 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.350748062 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.388277054 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.396202087 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.579668045 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.579742908 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.579940081 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.580017090 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.580017090 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.580027103 CEST4435255834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.580199003 CEST52558443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.590823889 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.590943098 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.591346025 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.740259886 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.740353107 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.740540028 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.740698099 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.740736008 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.956629992 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.956911087 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.959283113 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.959296942 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.959600925 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.960238934 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.960355997 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.960386992 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189230919 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189344883 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189719915 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189913988 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189913988 CEST52561443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189928055 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.189932108 CEST4435256134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.356837988 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.356894970 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.358032942 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.392775059 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.392817974 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.392935991 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.274422884 CEST52559443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.274446964 CEST4435255934.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.277124882 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.277148962 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.277280092 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.277477026 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.277487993 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.385519028 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.385544062 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.385715961 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.385819912 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.385828018 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.493513107 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.493696928 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.494616032 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.494626999 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.494914055 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.495654106 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.495726109 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.495774031 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.606924057 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.607186079 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.607400894 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.607408047 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.607920885 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.607928991 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726001024 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726110935 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726244926 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726358891 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726358891 CEST52567443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726378918 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.726386070 CEST4435256734.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.728800058 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.728827953 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.729866982 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.730232000 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.730249882 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.852556944 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.852778912 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.853686094 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.853686094 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.853686094 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.853730917 CEST4435256834.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.853955030 CEST52568443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.956702948 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.956897020 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.958869934 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.958894968 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.959841967 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.960500002 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.960604906 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.960701942 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.183881998 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.184041977 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.185118914 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.185118914 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.185118914 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.185801983 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.185844898 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.186012983 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.186230898 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.186259031 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.403378010 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.404706001 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.404706001 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.404736042 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.405136108 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.405849934 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.405875921 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.405978918 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.490154028 CEST52569443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.490192890 CEST4435256934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.634505987 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.634845972 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.634999037 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.635096073 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.635097027 CEST52570443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.635175943 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:58.635210991 CEST4435257034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.939738989 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.939760923 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.940023899 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.945441008 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.945452929 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.159276962 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.159521103 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.164144993 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.164155006 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.164463043 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.166832924 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.166832924 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.166847944 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.388674021 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.388854980 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.388987064 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.389851093 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.389882088 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.389898062 CEST52571443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.389911890 CEST4435257134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.328284025 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.328305960 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.328531027 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.328704119 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.328713894 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.329550982 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.329566002 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.329791069 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.330095053 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.330107927 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.453043938 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.453063011 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.453337908 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.453458071 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.453463078 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.542749882 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.543349028 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.543863058 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.544167042 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.544179916 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.544356108 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.545010090 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.545010090 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.545020103 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.545026064 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.545345068 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.546060085 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.546124935 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.546189070 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.667781115 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.667920113 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.668200016 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.668205976 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.668989897 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.668996096 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.774230957 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.774601936 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.775163889 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.775165081 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.775165081 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.789650917 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.789846897 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.790441036 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.790441036 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.790626049 CEST52572443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.790646076 CEST4435257234.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909065962 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909167051 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909246922 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909308910 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909308910 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909320116 CEST4435257434.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909370899 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.909502983 CEST52574443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:06.075525045 CEST52573443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:06.075542927 CEST4435257334.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.177640915 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.177663088 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.177855015 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.178033113 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.178044081 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.286114931 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.286130905 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.286319017 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.286448002 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.286458969 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.396610022 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.396832943 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.398082972 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.398091078 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.398277998 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.399024963 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.399130106 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.399144888 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.507756948 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.507955074 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.508148909 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.508164883 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.508709908 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.508733034 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.630786896 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.630863905 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.631000042 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.631216049 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.631216049 CEST52576443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.631231070 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.631238937 CEST4435257634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.633275032 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.633291960 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.633521080 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.633627892 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.633637905 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.746975899 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747123957 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747272968 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747322083 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747322083 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747348070 CEST4435257734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.747507095 CEST52577443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.847734928 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.847959995 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.848813057 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.848820925 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.849097967 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.849730968 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.849860907 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.849879980 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077166080 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077511072 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077692032 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077761889 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077761889 CEST52578443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077774048 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.077778101 CEST4435257834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.080101967 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.080118895 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.080585003 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.080585003 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.080624104 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.295082092 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.296040058 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.296374083 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.296382904 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.296683073 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.297346115 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.297382116 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.297431946 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527070999 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527133942 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527278900 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527456045 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527456999 CEST52579443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527471066 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:14.527475119 CEST4435257934.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.083235979 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.083266973 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.083415031 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.083548069 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.083559036 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.084578991 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.084594965 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.084741116 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.084955931 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.084965944 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.188350916 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.188366890 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.188793898 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.188966990 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.188977957 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.296356916 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.296515942 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.296807051 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.296816111 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.298803091 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.298813105 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.299411058 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.300281048 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.301471949 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.301481009 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.301670074 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.302294970 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.302321911 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.302351952 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.401931047 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.402098894 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.402309895 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.402314901 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.402957916 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.402962923 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.450895071 CEST52557443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.450911045 CEST44352557172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.450951099 CEST64223443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.450959921 CEST44364223172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.532814026 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.533006907 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.533008099 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.533236980 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.533865929 CEST52580443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.533878088 CEST4435258034.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.534751892 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.534851074 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.535852909 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.535852909 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.535948992 CEST52581443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.535959959 CEST4435258134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.569015026 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.569036007 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.569183111 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.569367886 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.569379091 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640336037 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640434980 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640747070 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640747070 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640747070 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.640760899 CEST4435258234.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.641146898 CEST52582443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.996444941 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.997663975 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.998768091 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.998788118 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.999346018 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.999911070 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.999912024 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:21.999943018 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:22.262209892 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:22.262299061 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:22.262677908 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:22.263015985 CEST52583443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:22.263025999 CEST4435258340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.276653051 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.276768923 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.277781010 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.277781010 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.277926922 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.702246904 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.702721119 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.704009056 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.704032898 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.704582930 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.704968929 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.704969883 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.705025911 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.968609095 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.968760014 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.969058037 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.970141888 CEST52584443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.970155954 CEST4435258440.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:26.978137016 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:26.978231907 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:26.979080915 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:26.979242086 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:26.979280949 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.394072056 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.394290924 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.396488905 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.396498919 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.396764994 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.397192001 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.397192001 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.397206068 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.659167051 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.659285069 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.659475088 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.659672976 CEST52585443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.659686089 CEST4435258540.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.810358047 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.810379028 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.810656071 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.810847998 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:27.810858965 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.224812031 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.225065947 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.226368904 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.226389885 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.226788044 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.227267981 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.227314949 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.227332115 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.489233971 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.489351988 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.489770889 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.489772081 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.802073956 CEST52586443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.802093029 CEST4435258640.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.248016119 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.248034954 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.248250008 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.248420000 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.248430967 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.263427973 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.263443947 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.263587952 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.263973951 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.263979912 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.468281984 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.468857050 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.469779968 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.469814062 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.470048904 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.470737934 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.470818043 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.470845938 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.480139971 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.480778933 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.480895996 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.480902910 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.481403112 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.481410027 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703063011 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703171968 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703437090 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703465939 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703465939 CEST52588443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703480959 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.703486919 CEST4435258834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.704819918 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.704844952 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.705101967 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.705312014 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.705326080 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.723723888 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.723774910 CEST4435258934.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.723970890 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.723970890 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.723970890 CEST52589443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.924850941 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.925432920 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.926187038 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.926224947 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.926624060 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.927287102 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.927336931 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.927391052 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.155950069 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.156352997 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.156653881 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.156653881 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.156653881 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.158041954 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.158126116 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.158391953 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.158584118 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.158639908 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.380966902 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.381155968 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.382167101 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.382194042 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.382877111 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.384366989 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.384426117 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.384497881 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.458328962 CEST52590443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.458354950 CEST4435259034.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.502746105 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.502778053 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.503006935 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.503371000 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.503388882 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.608046055 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.608205080 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.609174967 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.609174967 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.609175920 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.906183004 CEST52591443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.906200886 CEST4435259134.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.913451910 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.913710117 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915009022 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915019035 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915210009 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915704012 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915704012 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:30.915718079 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.178920031 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.178982019 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.179343939 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.179483891 CEST52592443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.179513931 CEST4435259240.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.190865040 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.190897942 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.191354990 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.191540003 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.191550970 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.602338076 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.603158951 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.603857994 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.603867054 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.604130983 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.604631901 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.604633093 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.604648113 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.867007971 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.867131948 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.867252111 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.867579937 CEST52593443192.168.11.2040.119.46.46
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:33.867599964 CEST4435259340.119.46.46192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.916731119 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.916764975 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.916881084 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.917090893 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.917099953 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.918015003 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.918029070 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.918195963 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.918366909 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.918375015 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.018132925 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.018192053 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.018364906 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.018502951 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.018539906 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.131947994 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.132194996 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.133054018 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.133064032 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.133275986 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.133929968 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.134016991 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.134037018 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.136430025 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.136583090 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.136756897 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.136765957 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.137579918 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.137589931 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.231837034 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.233022928 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.233022928 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.233031988 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.233347893 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.233357906 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.362636089 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.362760067 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.363689899 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.363689899 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.363689899 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.380661964 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.380968094 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.381772995 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.381899118 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.382292986 CEST52595443192.168.11.2034.160.176.28
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.382316113 CEST4435259534.160.176.28192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.430860996 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.430886030 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.431149006 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.431375027 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.431394100 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471134901 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471199036 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471832037 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471832037 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471832037 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.471843958 CEST4435259734.111.24.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.472948074 CEST52597443192.168.11.2034.111.24.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.662475109 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.662707090 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.663595915 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.663629055 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.664685011 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.665364981 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.665406942 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.665520906 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.673438072 CEST52596443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.673465014 CEST4435259634.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888319016 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888462067 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888638020 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888706923 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888706923 CEST52598443192.168.11.2034.117.223.223
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888719082 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.888724089 CEST4435259834.117.223.223192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084048033 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084089994 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084197998 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084228039 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084265947 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084445000 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084477901 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084502935 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084587097 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.084609985 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.300611973 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.301006079 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.301018000 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.301486015 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.301956892 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.302067041 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.310039043 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.310437918 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.310448885 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.310908079 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.311302900 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.311393976 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.342597961 CEST57672443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.357728958 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.332629919 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.332720041 CEST44364603172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.332850933 CEST64603443192.168.11.20172.253.62.99
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.367239952 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.367336035 CEST44357672172.253.62.99192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.368073940 CEST57672443192.168.11.20172.253.62.99

                                                                                                                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.346024990 CEST6328653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.445211887 CEST53632861.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.590517998 CEST5515253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.690028906 CEST53551521.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.048389912 CEST6005753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.595904112 CEST5043153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.279537916 CEST6514153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.379201889 CEST53651411.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.566853046 CEST6187153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.666440010 CEST53618711.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.685580969 CEST5693653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.786106110 CEST53569361.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.034288883 CEST5038653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.370775938 CEST6147953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.474212885 CEST5856153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.514527082 CEST137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.778691053 CEST6055753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.882496119 CEST5522053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:19.277846098 CEST137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.043452978 CEST137137192.168.11.20192.168.11.255
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.292722940 CEST6433953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.404336929 CEST53643391.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.948215008 CEST4948253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.147770882 CEST5433653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.190366030 CEST555401900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.555566072 CEST5666153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.641623974 CEST5059253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.192688942 CEST555401900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.600595951 CEST6135953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.699886084 CEST53613591.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:37.193897009 CEST555401900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.194061041 CEST555401900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.233028889 CEST5523253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.722939014 CEST6430953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.723526955 CEST6309053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.723891020 CEST5300053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.724374056 CEST5453053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.725656986 CEST6465053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.725656986 CEST5745353192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824959040 CEST53545301.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST53574531.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188945055 CEST4921853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.288691998 CEST53492181.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.574747086 CEST5699053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.575097084 CEST5464353192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.642062902 CEST5011653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST53569901.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.099083900 CEST5180853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.099334955 CEST5854253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.100373030 CEST5059753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.101111889 CEST5313153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.103617907 CEST5554153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.104183912 CEST5972053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.104381084 CEST5109353192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.111558914 CEST6506553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.164267063 CEST6481753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.164397955 CEST6409653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.198288918 CEST53518081.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST53505971.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200464964 CEST53531311.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203459024 CEST53597201.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.216264009 CEST53510931.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST53650651.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST53648171.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.361351013 CEST6438553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.429397106 CEST5937053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.488343000 CEST6438553192.168.11.209.9.9.9
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529490948 CEST53593701.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530728102 CEST5696253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644639015 CEST5618553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST53569621.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.687776089 CEST6464753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.748557091 CEST5813453192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.748558044 CEST5833653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787117004 CEST53646471.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.790107965 CEST5188853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.792201042 CEST5036053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.810148954 CEST6088653192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847528934 CEST53583361.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847776890 CEST53581341.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889117002 CEST53518881.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.909841061 CEST53608861.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.868835926 CEST5913553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.014224052 CEST5672353192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.025846958 CEST5128353192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.047569036 CEST5730553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.114703894 CEST53567231.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.125006914 CEST53512831.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.175687075 CEST5730553192.168.11.209.9.9.9
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.346929073 CEST5584853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.346929073 CEST5768153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446202993 CEST53558481.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST53576811.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.722443104 CEST4943553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.821723938 CEST53494351.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.814584017 CEST5839753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.837537050 CEST5940953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.021541119 CEST5490953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.021542072 CEST5478453192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.411823988 CEST5776853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.525496960 CEST5963153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.530304909 CEST5166753192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.653179884 CEST5963153192.168.11.209.9.9.9
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.668687105 CEST5166753192.168.11.209.9.9.9
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.536851883 CEST5291953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.777448893 CEST5977253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.422107935 CEST6132553192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.522576094 CEST53613251.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.052021980 CEST5281953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.152060986 CEST53528191.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.029226065 CEST5467253192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST53546721.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127087116 CEST5402153192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.835957050 CEST6436853192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.935817957 CEST53643681.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.895946026 CEST5612453192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.996360064 CEST53561241.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.147069931 CEST6387953192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.247471094 CEST53638791.1.1.1192.168.11.20
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:35.142877102 CEST638801900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:36.156919003 CEST638801900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:37.173382998 CEST638801900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:38.177834034 CEST638801900192.168.11.20239.255.255.250
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.421540022 CEST5819053192.168.11.201.1.1.1
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.521876097 CEST53581901.1.1.1192.168.11.20

                                                                                                                                                                                                                                                                                              ICMP Packets

                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.595963001 CEST192.168.11.209.9.9.9db7b(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.282879114 CEST192.168.11.209.9.9.9db6d(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.827919006 CEST192.168.11.209.9.9.9dbc9(Port unreachable)Destination Unreachable
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.443351984 CEST38.104.30.25192.168.11.20f4ee(Time to live exceeded in transit)Time Exceeded
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.543108940 CEST154.54.30.66192.168.11.20f4ee(Time to live exceeded in transit)Time Exceeded
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.643090010 CEST195.22.206.52192.168.11.20f4ff(Time to live exceeded in transit)Time Exceeded
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.742386103 CEST195.22.206.93192.168.11.20f4ff(Time to live exceeded in transit)Time Exceeded

                                                                                                                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.346024990 CEST192.168.11.201.1.1.10xaef0Standard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.590517998 CEST192.168.11.201.1.1.10xcd8bStandard query (0)ipm-provider.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.048389912 CEST192.168.11.201.1.1.10x95ffStandard query (0)service.piriform.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.595904112 CEST192.168.11.201.1.1.10x941eStandard query (0)license.piriform.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.279537916 CEST192.168.11.201.1.1.10xfa32Standard query (0)shepherd.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.566853046 CEST192.168.11.201.1.1.10x736dStandard query (0)ip-info.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.685580969 CEST192.168.11.201.1.1.10x98beStandard query (0)ip-info.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.034288883 CEST192.168.11.201.1.1.10xa8d9Standard query (0)ncc.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.370775938 CEST192.168.11.201.1.1.10xedfdStandard query (0)emupdate.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.474212885 CEST192.168.11.201.1.1.10xd17Standard query (0)emupdate.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.778691053 CEST192.168.11.201.1.1.10x9d69Standard query (0)ccleaner.tools.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.882496119 CEST192.168.11.201.1.1.10x9974Standard query (0)ccleaner.tools.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.292722940 CEST192.168.11.201.1.1.10xfaaeStandard query (0)winqual.sb.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:34.948215008 CEST192.168.11.201.1.1.10xc117Standard query (0)www.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.147770882 CEST192.168.11.201.1.1.10xa31cStandard query (0)www.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.555566072 CEST192.168.11.201.1.1.10xc89eStandard query (0)ncc.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.641623974 CEST192.168.11.201.1.1.10x63eeStandard query (0)license-api.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.600595951 CEST192.168.11.201.1.1.10xbef5Standard query (0)cdn.cookielaw.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.233028889 CEST192.168.11.201.1.1.10x3f6bStandard query (0)download.avira.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.722939014 CEST192.168.11.201.1.1.10x788cStandard query (0)s.go-mpulse.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.723526955 CEST192.168.11.201.1.1.10xfd8eStandard query (0)s7.addthis.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.723891020 CEST192.168.11.201.1.1.10x310bStandard query (0)assets.adobedtm.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.724374056 CEST192.168.11.201.1.1.10x33e8Standard query (0)widget.trustpilot.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.725656986 CEST192.168.11.201.1.1.10x79dfStandard query (0)s1.pir.fmA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.725656986 CEST192.168.11.201.1.1.10xd8a3Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.188945055 CEST192.168.11.201.1.1.10xdb0dStandard query (0)geolocation.onetrust.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.574747086 CEST192.168.11.201.1.1.10xbb80Standard query (0)dpm.demdex.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.575097084 CEST192.168.11.201.1.1.10x888fStandard query (0)www.nortonlifelock.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.642062902 CEST192.168.11.201.1.1.10x78b6Standard query (0)c.go-mpulse.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.099083900 CEST192.168.11.201.1.1.10xd5ffStandard query (0)connect.facebook.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.099334955 CEST192.168.11.201.1.1.10x9ee2Standard query (0)snap.licdn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.100373030 CEST192.168.11.201.1.1.10x5e89Standard query (0)static.hotjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.101111889 CEST192.168.11.201.1.1.10xf7feStandard query (0)static.ads-twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.103617907 CEST192.168.11.201.1.1.10x94c0Standard query (0)amplify.outbrain.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.104183912 CEST192.168.11.201.1.1.10x41dfStandard query (0)s.yimg.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.104381084 CEST192.168.11.201.1.1.10xdbfcStandard query (0)mstatic.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.111558914 CEST192.168.11.201.1.1.10x8a1eStandard query (0)symantec.demdex.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.164267063 CEST192.168.11.201.1.1.10xe431Standard query (0)www.mczbf.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.164397955 CEST192.168.11.201.1.1.10xad51Standard query (0)cm.everesttech.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.361351013 CEST192.168.11.201.1.1.10x4db0Standard query (0)cdn-production.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.429397106 CEST192.168.11.201.1.1.10x93f6Standard query (0)googleads.g.doubleclick.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.488343000 CEST192.168.11.209.9.9.90x4db0Standard query (0)cdn-production.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.530728102 CEST192.168.11.201.1.1.10x9530Standard query (0)oms.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644639015 CEST192.168.11.201.1.1.10x9743Standard query (0)px.ads.linkedin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.687776089 CEST192.168.11.201.1.1.10x1555Standard query (0)script.hotjar.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.748557091 CEST192.168.11.201.1.1.10x79eeStandard query (0)t.coA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.748558044 CEST192.168.11.201.1.1.10xd5d8Standard query (0)analytics.twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.790107965 CEST192.168.11.201.1.1.10x350bStandard query (0)tr.outbrain.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.792201042 CEST192.168.11.201.1.1.10x6635Standard query (0)wave.outbrain.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.810148954 CEST192.168.11.201.1.1.10x6707Standard query (0)idsync.rlcdn.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.868835926 CEST192.168.11.201.1.1.10x8b21Standard query (0)www.linkedin.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.014224052 CEST192.168.11.201.1.1.10x987eStandard query (0)c5.adalyser.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.025846958 CEST192.168.11.201.1.1.10xe85fStandard query (0)dev.visualwebsiteoptimizer.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.047569036 CEST192.168.11.201.1.1.10xab1eStandard query (0)cdn-uat.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.175687075 CEST192.168.11.209.9.9.90xab1eStandard query (0)cdn-uat.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.346929073 CEST192.168.11.201.1.1.10xb2b3Standard query (0)stats.g.doubleclick.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.346929073 CEST192.168.11.201.1.1.10x7869Standard query (0)analytics.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.722443104 CEST192.168.11.201.1.1.10xa3b1Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.814584017 CEST192.168.11.201.1.1.10x1860Standard query (0)zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.837537050 CEST192.168.11.201.1.1.10x1203Standard query (0)173bf110.akstat.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.021541119 CEST192.168.11.201.1.1.10x3009Standard query (0)trial-eum-clienttons-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.021542072 CEST192.168.11.201.1.1.10xce3fStandard query (0)trial-eum-clientnsv4-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.411823988 CEST192.168.11.201.1.1.10x7c20Standard query (0)siteintercept.qualtrics.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.525496960 CEST192.168.11.201.1.1.10x6621Standard query (0)102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.530304909 CEST192.168.11.201.1.1.10x2cc1Standard query (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.653179884 CEST192.168.11.209.9.9.90x6621Standard query (0)102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.668687105 CEST192.168.11.209.9.9.90x2cc1Standard query (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.536851883 CEST192.168.11.201.1.1.10x21e6Standard query (0)ccleaner.tools.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.777448893 CEST192.168.11.201.1.1.10xf13dStandard query (0)ncc.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.422107935 CEST192.168.11.201.1.1.10x19beStandard query (0)driver-updater.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.052021980 CEST192.168.11.201.1.1.10x75a8Standard query (0)driver-updater.ff.avast.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.029226065 CEST192.168.11.201.1.1.10x9decStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.127087116 CEST192.168.11.201.1.1.10x894bStandard query (0)www.ccleaner.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.835957050 CEST192.168.11.201.1.1.10x6c58Standard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.895946026 CEST192.168.11.201.1.1.10xfaceStandard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.147069931 CEST192.168.11.201.1.1.10x563cStandard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.421540022 CEST192.168.11.201.1.1.10xb373Standard query (0)analytics.avcdn.netA (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.445211887 CEST1.1.1.1192.168.11.200xaef0No error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.445211887 CEST1.1.1.1192.168.11.200xaef0No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:47.445211887 CEST1.1.1.1192.168.11.200xaef0No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.690028906 CEST1.1.1.1192.168.11.200xcd8bNo error (0)ipm-provider.ff.avast.comipm-gcp-prod.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:43:49.690028906 CEST1.1.1.1192.168.11.200xcd8bNo error (0)ipm-gcp-prod.ff.avast.com34.111.24.1A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.164518118 CEST1.1.1.1192.168.11.200x95ffNo error (0)service.piriform.comservice.piriform.com-v1.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:07.711235046 CEST1.1.1.1192.168.11.200x941eNo error (0)license.piriform.comlicense.piriform.com-v2.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.379201889 CEST1.1.1.1192.168.11.200xfa32No error (0)shepherd.ff.avast.comshepherd-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:08.379201889 CEST1.1.1.1192.168.11.200xfa32No error (0)shepherd-gcp.ff.avast.com34.160.176.28A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.666440010 CEST1.1.1.1192.168.11.200x736dNo error (0)ip-info.ff.avast.comip-info-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.666440010 CEST1.1.1.1192.168.11.200x736dNo error (0)ip-info-gcp.ff.avast.com34.149.149.62A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.786106110 CEST1.1.1.1192.168.11.200x98beNo error (0)ip-info.ff.avast.comip-info-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:17.786106110 CEST1.1.1.1192.168.11.200x98beNo error (0)ip-info-gcp.ff.avast.com34.149.149.62A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.134249926 CEST1.1.1.1192.168.11.200xa8d9No error (0)ncc.avast.comncc.avast.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.471957922 CEST1.1.1.1192.168.11.200xedfdNo error (0)emupdate.avcdn.netemupdate.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.575714111 CEST1.1.1.1192.168.11.200xd17No error (0)emupdate.avcdn.netemupdate.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.880911112 CEST1.1.1.1192.168.11.200x9d69No error (0)ccleaner.tools.avcdn.nettools.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:18.985388041 CEST1.1.1.1192.168.11.200x9974No error (0)ccleaner.tools.avcdn.nettools.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.404336929 CEST1.1.1.1192.168.11.200xfaaeNo error (0)winqual.sb.avast.comstreamback-cl1.ns1.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.404336929 CEST1.1.1.1192.168.11.200xfaaeNo error (0)streamback-cl1.ns1.ff.avast.com34.77.70.86A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:20.404336929 CEST1.1.1.1192.168.11.200xfaaeNo error (0)streamback-cl1.ns1.ff.avast.com35.246.192.59A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.073467970 CEST1.1.1.1192.168.11.200xc117No error (0)www.ccleaner.comwww.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.247570038 CEST1.1.1.1192.168.11.200xa31cNo error (0)www.ccleaner.comwww.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.655922890 CEST1.1.1.1192.168.11.200xc89eNo error (0)ncc.avast.comncc.avast.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:35.756695032 CEST1.1.1.1192.168.11.200x63eeNo error (0)license-api.ccleaner.comlicense-api.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.577404022 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.577404022 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.699886084 CEST1.1.1.1192.168.11.200xbef5No error (0)cdn.cookielaw.org104.19.178.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:36.699886084 CEST1.1.1.1192.168.11.200xbef5No error (0)cdn.cookielaw.org104.19.177.52A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.334403038 CEST1.1.1.1192.168.11.200x3f6bNo error (0)download.avira.comcdn.avira.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.822945118 CEST1.1.1.1192.168.11.200x788cNo error (0)s.go-mpulse.netip46.go-mpulse.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.823929071 CEST1.1.1.1192.168.11.200x310bNo error (0)assets.adobedtm.comcn-assets.adobedtm.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824317932 CEST1.1.1.1192.168.11.200xfd8eNo error (0)s7.addthis.coms8.addthis.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824317932 CEST1.1.1.1192.168.11.200xfd8eNo error (0)s8.addthis.comds-s7.addthis.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824959040 CEST1.1.1.1192.168.11.200x33e8No error (0)widget.trustpilot.com3.162.125.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824959040 CEST1.1.1.1192.168.11.200x33e8No error (0)widget.trustpilot.com3.162.125.115A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824959040 CEST1.1.1.1192.168.11.200x33e8No error (0)widget.trustpilot.com3.162.125.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.824959040 CEST1.1.1.1192.168.11.200x33e8No error (0)widget.trustpilot.com3.162.125.42A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.104A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.147A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.825103998 CEST1.1.1.1192.168.11.200xd8a3No error (0)www.google.com142.251.16.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:38.842236996 CEST1.1.1.1192.168.11.200x79dfNo error (0)s1.pir.fms1.pir.fm.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.288691998 CEST1.1.1.1192.168.11.200xdb0dNo error (0)geolocation.onetrust.com172.64.155.119A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.288691998 CEST1.1.1.1192.168.11.200xdb0dNo error (0)geolocation.onetrust.com104.18.32.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.586518049 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.586518049 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dpm.demdex.netgslb-2.demdex.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)gslb-2.demdex.netedge-va6.demdex.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)edge-va6.demdex.netdcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com54.146.244.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com52.0.43.164A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com34.228.76.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com18.213.208.197A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com52.202.101.214A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com34.193.14.160A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com34.206.63.153A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.673700094 CEST1.1.1.1192.168.11.200xbb80No error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com35.172.25.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.674689054 CEST1.1.1.1192.168.11.200x888fNo error (0)www.nortonlifelock.comwww.nortonlifelock.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:39.741168022 CEST1.1.1.1192.168.11.200x78b6No error (0)c.go-mpulse.netwildcard46.go-mpulse.net.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.198288918 CEST1.1.1.1192.168.11.200xd5ffNo error (0)connect.facebook.netscontent.xx.fbcdn.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.198288918 CEST1.1.1.1192.168.11.200xd5ffNo error (0)scontent.xx.fbcdn.net31.13.66.19A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.198487997 CEST1.1.1.1192.168.11.200x9ee2No error (0)snap.licdn.comod.linkedin.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST1.1.1.1192.168.11.200x5e89No error (0)static.hotjar.comstatic-cdn.hotjar.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST1.1.1.1192.168.11.200x5e89No error (0)static-cdn.hotjar.com18.160.41.112A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST1.1.1.1192.168.11.200x5e89No error (0)static-cdn.hotjar.com18.160.41.58A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST1.1.1.1192.168.11.200x5e89No error (0)static-cdn.hotjar.com18.160.41.53A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.199572086 CEST1.1.1.1192.168.11.200x5e89No error (0)static-cdn.hotjar.com18.160.41.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200464964 CEST1.1.1.1192.168.11.200xf7feNo error (0)static.ads-twitter.complatform.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.200464964 CEST1.1.1.1192.168.11.200xf7feNo error (0)platform.twitter.map.fastly.net146.75.28.157A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.202552080 CEST1.1.1.1192.168.11.200x94c0No error (0)amplify.outbrain.comwildcard.outbrain.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203459024 CEST1.1.1.1192.168.11.200x41dfNo error (0)s.yimg.comedge.gycpi.b.yahoodns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203459024 CEST1.1.1.1192.168.11.200x41dfNo error (0)edge.gycpi.b.yahoodns.net69.147.92.12A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.203459024 CEST1.1.1.1192.168.11.200x41dfNo error (0)edge.gycpi.b.yahoodns.net69.147.92.11A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.216264009 CEST1.1.1.1192.168.11.200xdbfcNo error (0)mstatic.ccleaner.com20.50.2.53A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)symantec.demdex.netgslb-2.demdex.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)gslb-2.demdex.netedge-va6.demdex.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)edge-va6.demdex.netdcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com52.206.50.222A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com3.227.87.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com44.212.204.182A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com44.214.51.115A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com3.228.26.85A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com54.88.215.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com3.221.16.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.245367050 CEST1.1.1.1192.168.11.200x8a1eNo error (0)dcs-public-edge-va6-158015560.us-east-1.elb.amazonaws.com52.73.216.175A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.263246059 CEST1.1.1.1192.168.11.200xad51No error (0)cm.everesttech.netcm.everesttech.net.akadns.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST1.1.1.1192.168.11.200xe431No error (0)www.mczbf.comdcjdc5qmbbux7.cloudfront.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST1.1.1.1192.168.11.200xe431No error (0)dcjdc5qmbbux7.cloudfront.net52.85.132.115A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST1.1.1.1192.168.11.200xe431No error (0)dcjdc5qmbbux7.cloudfront.net52.85.132.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST1.1.1.1192.168.11.200xe431No error (0)dcjdc5qmbbux7.cloudfront.net52.85.132.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.264112949 CEST1.1.1.1192.168.11.200xe431No error (0)dcjdc5qmbbux7.cloudfront.net52.85.132.116A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.488069057 CEST1.1.1.1192.168.11.200x4db0No error (0)cdn-production.ccleaner.comcdn-production.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529490948 CEST1.1.1.1192.168.11.200x93f6No error (0)googleads.g.doubleclick.net142.251.167.155A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529490948 CEST1.1.1.1192.168.11.200x93f6No error (0)googleads.g.doubleclick.net142.251.167.157A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529490948 CEST1.1.1.1192.168.11.200x93f6No error (0)googleads.g.doubleclick.net142.251.167.156A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.529490948 CEST1.1.1.1192.168.11.200x93f6No error (0)googleads.g.doubleclick.net142.251.167.154A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.595488071 CEST9.9.9.9192.168.11.200x4db0No error (0)cdn-production.ccleaner.comcdn-production.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)oms.ccleaner.com2w99epxhne.data.adobedc.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.38.217A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.150A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.38.112A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.38.91A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.248A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.130A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.39.72A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.644937992 CEST1.1.1.1192.168.11.200x9530No error (0)2w99epxhne.data.adobedc.net63.140.38.210A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.744308949 CEST1.1.1.1192.168.11.200x9743No error (0)px.ads.linkedin.comexp1.www.linkedin.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.744308949 CEST1.1.1.1192.168.11.200x9743No error (0)exp1.www.linkedin.comwww-linkedin-com.l-0005.l-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787117004 CEST1.1.1.1192.168.11.200x1555No error (0)script.hotjar.com99.84.191.43A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787117004 CEST1.1.1.1192.168.11.200x1555No error (0)script.hotjar.com99.84.191.41A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787117004 CEST1.1.1.1192.168.11.200x1555No error (0)script.hotjar.com99.84.191.81A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.787117004 CEST1.1.1.1192.168.11.200x1555No error (0)script.hotjar.com99.84.191.77A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847528934 CEST1.1.1.1192.168.11.200xd5d8No error (0)analytics.twitter.comads.twitter.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847528934 CEST1.1.1.1192.168.11.200xd5d8No error (0)ads.twitter.coms.twitter.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847528934 CEST1.1.1.1192.168.11.200xd5d8No error (0)s.twitter.com104.244.42.195A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.847776890 CEST1.1.1.1192.168.11.200x79eeNo error (0)t.co104.244.42.133A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889117002 CEST1.1.1.1192.168.11.200x350bNo error (0)tr.outbrain.comalldcs.outbrain.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889117002 CEST1.1.1.1192.168.11.200x350bNo error (0)alldcs.outbrain.orgnydc1.outbrain.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.889117002 CEST1.1.1.1192.168.11.200x350bNo error (0)nydc1.outbrain.org64.202.112.95A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.892447948 CEST1.1.1.1192.168.11.200x6635No error (0)wave.outbrain.comwildcard.outbrain.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:40.909841061 CEST1.1.1.1192.168.11.200x6707No error (0)idsync.rlcdn.com35.244.154.8A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:41.968301058 CEST1.1.1.1192.168.11.200x8b21No error (0)www.linkedin.comwww-linkedin-com.l-0005.l-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.114703894 CEST1.1.1.1192.168.11.200x987eNo error (0)c5.adalyser.compeso-1422535133.eu-west-1.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.114703894 CEST1.1.1.1192.168.11.200x987eNo error (0)peso-1422535133.eu-west-1.elb.amazonaws.com52.51.126.101A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.114703894 CEST1.1.1.1192.168.11.200x987eNo error (0)peso-1422535133.eu-west-1.elb.amazonaws.com54.76.71.71A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.114703894 CEST1.1.1.1192.168.11.200x987eNo error (0)peso-1422535133.eu-west-1.elb.amazonaws.com99.80.111.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.125006914 CEST1.1.1.1192.168.11.200xe85fNo error (0)dev.visualwebsiteoptimizer.com34.96.102.137A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.234360933 CEST1.1.1.1192.168.11.200xab1eNo error (0)cdn-uat.ccleaner.comcdn-uat.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.281888962 CEST9.9.9.9192.168.11.200xab1eNo error (0)cdn-uat.ccleaner.comcdn-uat.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446202993 CEST1.1.1.1192.168.11.200xb2b3No error (0)stats.g.doubleclick.net142.251.16.156A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446202993 CEST1.1.1.1192.168.11.200xb2b3No error (0)stats.g.doubleclick.net142.251.16.157A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.102A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.101A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.113A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.138A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.100A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.446496010 CEST1.1.1.1192.168.11.200x7869No error (0)analytics.google.com142.251.167.139A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.821723938 CEST1.1.1.1192.168.11.200xa3b1No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:42.821723938 CEST1.1.1.1192.168.11.200xa3b1No error (0)star-mini.c10r.facebook.com157.240.229.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.591357946 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.591357946 CEST9.9.9.9192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.592636108 CEST1.1.1.1192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.592636108 CEST1.1.1.1192.168.11.200xfe04No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.917875051 CEST1.1.1.1192.168.11.200x1860No error (0)zn4i1jhjmxub1nc6y-gendigital.siteintercept.qualtrics.comsiteintercept.qprod2.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.917875051 CEST1.1.1.1192.168.11.200x1860No error (0)siteintercept.qprod2.netprodlb.siteintercept.qualtrics.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:43.939152002 CEST1.1.1.1192.168.11.200x1203No error (0)173bf110.akstat.iowildcard46.akstat.io.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.120924950 CEST1.1.1.1192.168.11.200x3009No error (0)trial-eum-clienttons-s.akamaihd.nettrial-eum.cname.clienttons.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.120924950 CEST1.1.1.1192.168.11.200x3009No error (0)trial-eum.cname.clienttons.coma1024.dscg.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.121488094 CEST1.1.1.1192.168.11.200xce3fNo error (0)trial-eum-clientnsv4-s.akamaihd.neta248.b.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.511620998 CEST1.1.1.1192.168.11.200x7c20No error (0)siteintercept.qualtrics.comsiteintercept.qprod2.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.511620998 CEST1.1.1.1192.168.11.200x7c20No error (0)siteintercept.qprod2.netprodlb.siteintercept.qualtrics.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.718485117 CEST1.1.1.1192.168.11.200x6621No error (0)102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.net102.165.48.88_s-23.62.230.167_ts-1716727484.cname.clienttons.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.718485117 CEST1.1.1.1192.168.11.200x6621No error (0)102.165.48.88_s-23.62.230.167_ts-1716727484.cname.clienttons.coma1024.dscg.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.814368963 CEST1.1.1.1192.168.11.200x2cc1No error (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.netm2stawfydf7ywzstf26a-ps8iwe-4482d3f71.ipv4-only.cname.clienttons.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.814368963 CEST1.1.1.1192.168.11.200x2cc1No error (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71.ipv4-only.cname.clienttons.coma248.b.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.827728033 CEST9.9.9.9192.168.11.200x6621No error (0)102-165-48-88_s-23-62-230-167_ts-1716727484-clienttons-s.akamaihd.net102.165.48.88_s-23.62.230.167_ts-1716727484.cname.clienttons.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.827728033 CEST9.9.9.9192.168.11.200x6621No error (0)102.165.48.88_s-23.62.230.167_ts-1716727484.cname.clienttons.coma1024.dscg.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.936238050 CEST9.9.9.9192.168.11.200x2cc1No error (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71-clientnsv4-s.akamaihd.netm2stawfydf7ywzstf26a-ps8iwe-4482d3f71.ipv4-only.cname.clienttons.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:44.936238050 CEST9.9.9.9192.168.11.200x2cc1No error (0)m2stawfydf7ywzstf26a-ps8iwe-4482d3f71.ipv4-only.cname.clienttons.coma248.b.akamai.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.606892109 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.606892109 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.746017933 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:47.746017933 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:48.761034966 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:48.761034966 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.639075994 CEST1.1.1.1192.168.11.200x21e6No error (0)ccleaner.tools.avcdn.nettools.avcdn.net.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.766484976 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.766484976 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.768049955 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:50.768049955 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:54.771574020 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:54.771574020 CEST1.1.1.1192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:54.771644115 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:54.771644115 CEST9.9.9.9192.168.11.200xd393No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.781871080 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.781871080 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.920909882 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:58.920909882 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.933300972 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:44:59.933300972 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:01.947556973 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:01.947556973 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:01.948569059 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:01.948569059 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:05.954788923 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:05.954788923 CEST1.1.1.1192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:05.960841894 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:05.960841894 CEST9.9.9.9192.168.11.200x8cc3No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:07.876760006 CEST1.1.1.1192.168.11.200xf13dNo error (0)ncc.avast.comncc.avast.com.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.522576094 CEST1.1.1.1192.168.11.200x19beNo error (0)driver-updater.ff.avast.comdriver-updater-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:08.522576094 CEST1.1.1.1192.168.11.200x19beNo error (0)driver-updater-gcp.ff.avast.com34.149.202.126A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.152060986 CEST1.1.1.1192.168.11.200x75a8No error (0)driver-updater.ff.avast.comdriver-updater-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.152060986 CEST1.1.1.1192.168.11.200x75a8No error (0)driver-updater-gcp.ff.avast.com34.149.202.126A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.154108047 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.154108047 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.292104006 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:21.292104006 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:22.294378042 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:22.294378042 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.301546097 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.301546097 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.302494049 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:24.302494049 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:28.310862064 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:28.310862064 CEST9.9.9.9192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:28.311431885 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:28.311431885 CEST1.1.1.1192.168.11.200xe58bNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:32.457670927 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:32.457670927 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:35.462364912 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:35.462364912 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:39.473949909 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:39.473949909 CEST9.9.9.9192.168.11.200x2666No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.99A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.147A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.106A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.103A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.105A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:40.128573895 CEST1.1.1.1192.168.11.200x9decNo error (0)www.google.com172.253.62.104A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:43.611089945 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:43.611089945 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:46.629291058 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:46.629291058 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:49.228753090 CEST1.1.1.1192.168.11.200x894bNo error (0)www.ccleaner.comwww.ccleaner.com.edgekey.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.644737005 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:50.644737005 CEST9.9.9.9192.168.11.200x9d90No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:54.789521933 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:54.789521933 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:56.110749960 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:56.110749960 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:56.246001005 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:56.246001005 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.259673119 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.259673119 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.803972006 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:57.803972006 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:59.268445969 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:59.268445969 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:59.269165039 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:45:59.269165039 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:01.811609983 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:01.811609983 CEST9.9.9.9192.168.11.200x7ea4No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.935817957 CEST1.1.1.1192.168.11.200x6c58No error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.935817957 CEST1.1.1.1192.168.11.200x6c58No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:02.935817957 CEST1.1.1.1192.168.11.200x6c58No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.280116081 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.280116081 CEST9.9.9.9192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.280599117 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:03.280599117 CEST1.1.1.1192.168.11.200x51aNo error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.827325106 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.827325106 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.967017889 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:05.967017889 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:06.972831964 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:06.972831964 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:08.973150015 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:08.973150015 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:08.975497961 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:08.975497961 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:10.295840025 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:10.295840025 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:10.424313068 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:10.424313068 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:11.435849905 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:11.435849905 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:12.984836102 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:12.984836102 CEST9.9.9.9192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:12.985222101 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:12.985222101 CEST1.1.1.1192.168.11.200x6191No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.440854073 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.440854073 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.442713976 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:13.442713976 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.995956898 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.995956898 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.996360064 CEST1.1.1.1192.168.11.200xfaceNo error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.996360064 CEST1.1.1.1192.168.11.200xfaceNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:16.996360064 CEST1.1.1.1192.168.11.200xfaceNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.135989904 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.135989904 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.449007988 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.449007988 CEST9.9.9.9192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.449969053 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:17.449969053 CEST1.1.1.1192.168.11.200x8685No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:18.148876905 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:18.148876905 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:20.151779890 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:20.151779890 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:20.154468060 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:20.154468060 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.162811995 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.162811995 CEST9.9.9.9192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.162837029 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:24.162837029 CEST1.1.1.1192.168.11.200x28d7No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.308099985 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:28.308099985 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.247471094 CEST1.1.1.1192.168.11.200x563cNo error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.247471094 CEST1.1.1.1192.168.11.200x563cNo error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:29.247471094 CEST1.1.1.1192.168.11.200x563cNo error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.329318047 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:31.329318047 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:35.334145069 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:35.334145069 CEST9.9.9.9192.168.11.200x3c47No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:39.341000080 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:39.341000080 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:39.506438971 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:39.506438971 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.488456011 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:40.488456011 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:42.492137909 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:42.492137909 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:42.492944956 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:42.492944956 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.505111933 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.505111933 CEST1.1.1.1192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.509469032 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.509469032 CEST9.9.9.9192.168.11.200x3762No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.521876097 CEST1.1.1.1192.168.11.200xb373No error (0)analytics.avcdn.netanalytics.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.521876097 CEST1.1.1.1192.168.11.200xb373No error (0)analytics.ff.avast.comanalytics-prod-gcp.ff.avast.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:46.521876097 CEST1.1.1.1192.168.11.200xb373No error (0)analytics-prod-gcp.ff.avast.com34.117.223.223A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.510684967 CEST1.1.1.1192.168.11.200x9261No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.510684967 CEST1.1.1.1192.168.11.200x9261No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.651231050 CEST9.9.9.9192.168.11.200x9261No error (0)fg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                              May 26, 2024 14:46:50.651231050 CEST9.9.9.9192.168.11.200x9261No error (0)fg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

                                                                                                                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                                                                                                                              • analytics.avcdn.net
                                                                                                                                                                                                                                                                                              • ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              • shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              • tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              • ip-info.ff.avast.com
                                                                                                                                                                                                                                                                                              • winqual.sb.avast.com
                                                                                                                                                                                                                                                                                              • https:
                                                                                                                                                                                                                                                                                                • cdn.cookielaw.org
                                                                                                                                                                                                                                                                                                • widget.trustpilot.com
                                                                                                                                                                                                                                                                                                • www.google.com
                                                                                                                                                                                                                                                                                                • geolocation.onetrust.com
                                                                                                                                                                                                                                                                                                • dpm.demdex.net
                                                                                                                                                                                                                                                                                                • connect.facebook.net
                                                                                                                                                                                                                                                                                                • s.yimg.com
                                                                                                                                                                                                                                                                                                • static.hotjar.com
                                                                                                                                                                                                                                                                                                • symantec.demdex.net
                                                                                                                                                                                                                                                                                                • www.mczbf.com
                                                                                                                                                                                                                                                                                                • static.ads-twitter.com
                                                                                                                                                                                                                                                                                                • mstatic.ccleaner.com
                                                                                                                                                                                                                                                                                                • googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                                • oms.ccleaner.com
                                                                                                                                                                                                                                                                                                • script.hotjar.com
                                                                                                                                                                                                                                                                                                • t.co
                                                                                                                                                                                                                                                                                                • idsync.rlcdn.com
                                                                                                                                                                                                                                                                                                • tr.outbrain.com
                                                                                                                                                                                                                                                                                                • analytics.twitter.com
                                                                                                                                                                                                                                                                                                • dev.visualwebsiteoptimizer.com
                                                                                                                                                                                                                                                                                                • stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                                • c5.adalyser.com
                                                                                                                                                                                                                                                                                                • analytics.google.com
                                                                                                                                                                                                                                                                                                • www.facebook.com
                                                                                                                                                                                                                                                                                              • login.live.com
                                                                                                                                                                                                                                                                                              • driver-updater.ff.avast.com

                                                                                                                                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              0192.168.11.205011234.117.223.2234438500C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:47 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 291
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:47 UTC291OUTData Raw: 0a a0 02 0a 42 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 12 85 01 0a 03 3b 06 01 10 84 ba 99 e5 0c 28 df 03 5a 73 08 0a 10 00 18 e2 94 01 20 01 28 00 32 24 31 65 33 61 38 37 38 38 2d 35 34 34 35 2d 34 33 31 64 2d 62 36 66 35 2d 62 61 31 31 62 33 62 37 30 31 31 37 38 00 42 2c 38 36 56 4a 2d 56 44 58 38 2d 32 43 45 58 2d 48 44 57 33 2d 37 50 46 41 2d 54 4e 49 55 2d 51 34 41 57 2d 38 59 43 50 2d 32 53 44 36 48 01 52 00 58 00 60 32 6a 00 72 00 78 00 82 01 00 60 01 22 46 12 0a 36 2e 32 34 2e 31 31 30 36 30 18 01 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30
                                                                                                                                                                                                                                                                                              Data Ascii: BB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49;(Zs (2$1e3a8788-5445-431d-b6f5-ba11b3b701178B,86VJ-VDX8-2CEX-HDW3-7PFA-TNIU-Q4AW-8YCP-2SD6HRX`2jrx`"F6.24.11060"/10.0 (Build 19042, Release 200
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:47 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:43:47 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:47 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              1192.168.11.205011334.111.24.14438500C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:49 UTC437OUTGET /?p_elm=76&action=1&p_age=0&p_bau=0&p_bsls=0&p_chcc=2&p_chr=0&p_dvt=3&p_fds=431419&p_gis=0&p_hid=be4e4af9-63f6-4992-bfa2-801c56ff5967&p_lid=en-GB&p_lng=en&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_osv=10.0&p_pro=90&p_sbi=0&p_scbu=0&p_tos=0&p_vbd=11060&p_vep=6&p_ves=24&p_wid=1665235917&p_wsc2v_av=9011 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:43:50 UTC696INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:43:50 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: Do not track element
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=563fffb9-0641-4af9-b6eb-6e4067669c8f; Max-Age=63072000; Expires=Tue, 26 May 2026 12:43:50 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=563fffb9-0641-4af9-b6eb-6e4067669c8f; Max-Age=63072000; Expires=Tue, 26 May 2026 12:43:50 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              2192.168.11.205011434.117.223.2234438500C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:06 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 291
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:06 UTC291OUTData Raw: 0a a0 02 0a 42 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 12 85 01 0a 03 3b 06 02 10 a8 ba 99 e5 0c 28 df 03 5a 73 08 0a 10 00 18 e2 94 01 20 01 28 00 32 24 31 65 33 61 38 37 38 38 2d 35 34 34 35 2d 34 33 31 64 2d 62 36 66 35 2d 62 61 31 31 62 33 62 37 30 31 31 37 38 00 42 2c 38 36 56 4a 2d 56 44 58 38 2d 32 43 45 58 2d 48 44 57 33 2d 37 50 46 41 2d 54 4e 49 55 2d 51 34 41 57 2d 38 59 43 50 2d 32 53 44 36 48 01 52 00 58 00 60 32 6a 00 72 00 78 00 82 01 00 60 01 22 46 12 0a 36 2e 32 34 2e 31 31 30 36 30 18 01 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30
                                                                                                                                                                                                                                                                                              Data Ascii: BB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49;(Zs (2$1e3a8788-5445-431d-b6f5-ba11b3b701178B,86VJ-VDX8-2CEX-HDW3-7PFA-TNIU-Q4AW-8YCP-2SD6HRX`2jrx`"F6.24.11060"/10.0 (Build 19042, Release 200
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:06 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:06 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:06 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              3192.168.11.205011734.160.176.284438500C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:08 UTC339OUTGET /?p_vep=6&p_ves=24&p_vbd=11060&p_lit=0&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_pro=90&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_lng=en&p_lid=en-us HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:08 UTC1309INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:08 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Content-Length: 1024
                                                                                                                                                                                                                                                                                              AB-Tests: CustomCleanPaywallAB:a,UpgradeButtonAppearanceAB:b
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                                              Config-Id: 33
                                                                                                                                                                                                                                                                                              Config-Name: CCleaner_test-group-health-check-new-flow_cc-ui-launch-in-the-background_distribution---custom-clean-paywall_distribution---driver-updater_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_distribution---opswatsoftwareupdaterhc_feedback---performance-optimizer_distribution---easy-clean-ipm_showoffers3rdparty---usa-opt-out_distribution---upgrade-button-test-4b3dbf56e64bb5644fe0c78a3dcf0e84e88b011787249ffbefc04ba719486177
                                                                                                                                                                                                                                                                                              Config-Version: 265
                                                                                                                                                                                                                                                                                              Segments: test group health check new flow,cc ui launch in the background,distribution - custom clean paywall,distribution - driver updater,hcv2 rollout,distribution - notification centre,distribution - opswatsoftwareupdater,distribution - opswatsoftwareupdaterhc,feedback - performance optimizer,distribution - easy clean ipm,showoffers3rdparty - usa opt-out,distribution - upgrade button test
                                                                                                                                                                                                                                                                                              TTL: 86400
                                                                                                                                                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:08 UTC1024INData Raw: 5b 45 6e 63 72 79 70 74 5d 0d 0a 41 42 54 65 73 74 69 6e 67 4e 61 6d 65 73 3d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 0d 0a 43 43 50 4f 43 3d 44 49 53 41 42 4c 45 44 0d 0a 44 54 4e 50 3d 31 32 30 30 0d 0a 44 55 4e 50 3d 39 30 30 0d 0a 5b 43 6f 6d 6d 6f 6e 5d 0d 0a 41 6c 70 68 61 49 6e 74 65 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 6c 70 68 61 4d 69 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 55 32 3d 31 0d 0a 43 43 4e 55 3d 30 0d 0a 44 72 69 76 65 72 53 63 61 6e 49 6e 74 65 72 76 61 6c 3d 37 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 3d 31 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 56 65 72 73 69 6f 6e 3d 31 0d 0a 44 75 6d 70 52 65 70 6f 72 74 69 6e 67 3d 31 0d 0a 44 55 53 6b 69 70 4f 6e 62 6f 61 72 64 69 6e 67 3d 30 0d 0a 48 43 53 6b 69 70 41 64 76 61 6e 63 65 64
                                                                                                                                                                                                                                                                                              Data Ascii: [Encrypt]ABTestingNames=HealthCheckNFCCPOC=DISABLEDDTNP=1200DUNP=900[Common]AlphaIntegration=1AlphaMigration=1AU2=1CCNU=0DriverScanInterval=7DriverUpdater=1DriverUpdaterVersion=1DumpReporting=1DUSkipOnboarding=0HCSkipAdvanced


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              4192.168.11.205011840.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:08 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:08 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:09 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:08 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2528
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:09 UTC2528INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              5192.168.11.205011940.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:11 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:11 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:11 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:11 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:11 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              6192.168.11.205012040.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:14 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:14 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:14 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:14 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:14 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              7192.168.11.205012140.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:17 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              8192.168.11.205012234.117.223.2234438500C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 291
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC291OUTData Raw: 0a a0 02 0a 42 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 12 85 01 0a 03 3b 06 03 10 c0 ba 99 e5 0c 28 df 03 5a 73 08 0a 10 00 18 e2 94 01 20 01 28 00 32 24 31 65 33 61 38 37 38 38 2d 35 34 34 35 2d 34 33 31 64 2d 62 36 66 35 2d 62 61 31 31 62 33 62 37 30 31 31 37 38 00 42 2c 38 36 56 4a 2d 56 44 58 38 2d 32 43 45 58 2d 48 44 57 33 2d 37 50 46 41 2d 54 4e 49 55 2d 51 34 41 57 2d 38 59 43 50 2d 32 53 44 36 48 01 52 00 58 00 60 32 6a 00 72 00 78 00 82 01 00 60 01 22 46 12 0a 36 2e 32 34 2e 31 31 30 36 30 18 01 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30
                                                                                                                                                                                                                                                                                              Data Ascii: BB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49;(Zs (2$1e3a8788-5445-431d-b6f5-ba11b3b701178B,86VJ-VDX8-2CEX-HDW3-7PFA-TNIU-Q4AW-8YCP-2SD6HRX`2jrx`"F6.24.11060"/10.0 (Build 19042, Release 200
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:17 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:17 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              9192.168.11.205012334.149.149.624431444C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC155OUTGET /v2/info HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              User-Agent: CCleaner Update Agent
                                                                                                                                                                                                                                                                                              Host: ip-info.ff.avast.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC176INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:18 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Content-Length: 364
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC364INData Raw: 7b 22 69 70 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 38 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 73 75 62 64 69 76 69 73 69 6f 6e 73 22 3a 5b 22 44 43 22 5d 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 38 2e 38 39 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 37 37 2e 30 33 36 35 2c 22 69 73 70 22 3a 22 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: {"ip":"102.165.48.88","continent":"North America","continentCode":"NA","country":"US","countryName":"United States","subdivisions":["DC"],"city":"Washington","timezone":"America/New_York","latitude":38.894,"longitude":-77.0365,"isp":"Cogent Communications


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              10192.168.11.205012434.117.223.2234438536C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC254OUTData Raw: 0a fb 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3d 0a 03 3b 09 01 10 c0 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 17 08 99 3d 12 08 0a 04 48 4b 4c 4d 10 06 12 08 0a 04 48 4b 43 55 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 a0 dd cc b2 06
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557=;HealthCheckNF1(Z=HKLMHKCU`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:18 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              11192.168.11.205012634.117.223.2234438536C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 265
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC265OUTData Raw: 0a 86 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 48 0a 03 3b 09 01 10 c0 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 22 08 c9 34 12 1d 0a 19 50 6e 61 63 6c 54 72 61 6e 73 6c 61 74 69 6f 6e 43 61 63 68 65 53 69 7a 65 10 00 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557H;HealthCheckNF1(Z"4PnaclTranslationCacheSize`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:18 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:18 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              12192.168.11.205012934.117.223.2234438536C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 273
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC273OUTData Raw: 0a 8e 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 50 0a 03 3b 09 01 10 c0 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 2a 08 fc 44 12 0e 0a 0a 47 61 6d 65 72 53 63 6f 72 65 10 02 12 15 0a 11 47 61 6d 65 72 53 63 6f 72 65 56 65 72 73 69 6f 6e 10 04 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557P;HealthCheckNF1(Z*DGamerScoreGamerScoreVersion`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:19 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              13192.168.11.205013040.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:19 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:20 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:19 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:20 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              14192.168.11.205013134.149.149.624438876C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:20 UTC155OUTGET /v2/info HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              User-Agent: CCleaner Update Agent
                                                                                                                                                                                                                                                                                              Host: ip-info.ff.avast.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:20 UTC176INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:20 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Content-Length: 364
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:20 UTC364INData Raw: 7b 22 69 70 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 38 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 73 75 62 64 69 76 69 73 69 6f 6e 73 22 3a 5b 22 44 43 22 5d 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 38 2e 38 39 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 37 37 2e 30 33 36 35 2c 22 69 73 70 22 3a 22 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: {"ip":"102.165.48.88","continent":"North America","continentCode":"NA","country":"US","countryName":"United States","subdivisions":["DC"],"city":"Washington","timezone":"America/New_York","latitude":38.894,"longitude":-77.0365,"isp":"Cogent Communications


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              15192.168.11.205013234.77.70.864437204C:\Program Files\CCleaner\CCleanerBugReport.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:21 UTC166OUTPOST /V1/MD HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 282
                                                                                                                                                                                                                                                                                              Host: winqual.sb.avast.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:21 UTC282OUTData Raw: 0a 16 0a 14 e5 7e ba 12 a7 41 22 87 65 a2 6c a5 67 86 b5 e8 4a 12 6e da 12 4e 0a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 52 04 ff ff ff ff 5a 20 e8 e4 c5 dc 70 68 f1 d7 a5 f1 48 52 ee eb 17 8f a8 b5 93 58 f6 c4 9c 57 1a 07 6a 00 9f 7b 7e 49 20 00 28 01 30 a3 dd cc b2 06 3a a3 01 0a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 0a 36 2e 32 34 2e 31 31 30 36 30 1a 0c 31 30 2e 30 2e 31 39 30 34 32 20 30 20 01 38 66 40 ec 1f 48 c6 ba 99 e5 0c 5a 00 62 00 68 02 70 b4 01 8a 01 20 e8 e4 c5 dc 70 68 f1 d7 a5 f1 48 52 ee eb 17 8f a8 b5 93 58 f6 c4 9c 57 1a 07 6a 00 9f 7b 7e 49 90 01 00 9a 01 11 4c 4f 47 5c 42 75 67 52 65 70 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ~A"elgJnN$5c75d985-5a4f-4231-b996-70bdb906d557RZ phHRXWj{~I (0:$5c75d985-5a4f-4231-b996-70bdb906d5576.24.1106010.0.19042 0 8f@HZbhp phHRXWj{~ILOG\BugRepo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:21 UTC150INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:21 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 21
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:21 UTC21INData Raw: 12 02 08 00 1a 0f 4e 6f 74 20 69 6e 20 46 72 61 63 74 69 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: Not in Fraction


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              16192.168.11.205013540.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:22 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:22 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:22 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:22 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:22 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              17192.168.11.205013734.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:23 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 318
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:23 UTC318OUTData Raw: 0a bb 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 7d 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 57 0a 13 55 70 64 61 74 65 4e 6f 74 69 66 69 63 61 74 69 6f 6e 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557};HealthCheckNF1(ZWUpdateNotificationsActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:24 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              18192.168.11.205013834.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 310
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC310OUTData Raw: 0a b3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 75 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4f 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557u;HealthCheckNF1(ZOAutoUpdatesActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:24 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              19192.168.11.205013934.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 309
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:24 UTC309OUTData Raw: 0a b2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 74 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4e 0a 0a 53 6d 61 72 74 43 6c 65 61 6e 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557t;HealthCheckNF1(ZNSmartCleanActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:25 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              20192.168.11.205014134.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 322
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC322OUTData Raw: 0a bf 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 80 01 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5a 0a 15 53 6d 61 72 74 43 6c 65 61 6e 3a 4a 75 6e 6b 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 03 6f 66 66 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZZSmartClean:JunkAlertsActivationoff (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:25 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              21192.168.11.205014040.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:24 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              22192.168.11.205014234.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 18 53 6d 61 72 74 43 6c 65 61 6e 3a 42 72 6f 77 73 65 72 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 03 6f 66 66 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]SmartClean:BrowserAlertsActivationoff (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:25 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:25 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              23192.168.11.205014334.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 306
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC306OUTData Raw: 0a af 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 71 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4b 0a 07 53 6b 69 70 55 41 43 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557q;HealthCheckNF1(ZKSkipUACActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build 190
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:26 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              24192.168.11.205014434.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 0c 63 63 36 20 72 65 73 65 61 72 63 68 12 09 44 65 74 65 63 74 69 6f 6e 1a 10 77 65 62 76 69 65 77 32 20 3a 3a 20 6e 75 6c 6c 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]cc6 researchDetectionwebview2 :: null (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:26 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:26 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              25192.168.11.205014534.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:27 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 579
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:27 UTC579OUTData Raw: 0a c0 04 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 81 03 0a 03 3b 03 01 10 cc ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a da 02 0a 07 53 74 61 72 74 75 70 12 08 67 75 69 20 6f 70 65 6e 1a 16 63 63 6c 65 61 6e 65 72 20 73 74 61 72 74 75 70 20 65 76 65 6e 74 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 85 02 08 00 10 00 1a 03 31 2d 61 22 11 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 02 6f 6e 22 0d 0a 07 49 73 41 64 6d 69 6e 12 02 6f 6e 22
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZStartupgui openccleaner startup event (2B1-a"AutoUpdateson"IsAdminon"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:27 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:27 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:27 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              26192.168.11.205014640.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:28 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:28 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:28 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:28 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2528
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:28 UTC2528INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              27192.168.11.205014740.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:30 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 4551
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:30 UTC4551OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:31 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:30 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 2529
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:31 UTC2529INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              28192.168.11.205015234.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC254OUTData Raw: 0a fb 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3d 0a 03 3b 09 01 10 e2 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 17 08 99 3d 12 08 0a 04 48 4b 4c 4d 10 06 12 08 0a 04 48 4b 43 55 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 b1 dd cc b2 06
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557=;HealthCheckNF1(Z=HKLMHKCU`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:35 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              29192.168.11.205015334.149.149.624435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC126OUTGET /v1/info HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ip-info.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC176INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:35 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Content-Length: 364
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC364INData Raw: 7b 22 69 70 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 38 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 6f 72 74 68 20 41 6d 65 72 69 63 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 43 6f 64 65 22 3a 22 4e 41 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 63 6f 75 6e 74 72 79 4e 61 6d 65 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 73 75 62 64 69 76 69 73 69 6f 6e 73 22 3a 5b 22 44 43 22 5d 2c 22 63 69 74 79 22 3a 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 22 2c 22 6c 61 74 69 74 75 64 65 22 3a 33 38 2e 38 39 34 2c 22 6c 6f 6e 67 69 74 75 64 65 22 3a 2d 37 37 2e 30 33 36 35 2c 22 69 73 70 22 3a 22 43 6f 67 65 6e 74 20 43 6f 6d 6d 75 6e 69 63 61 74 69 6f 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: {"ip":"102.165.48.88","continent":"North America","continentCode":"NA","country":"US","countryName":"United States","subdivisions":["DC"],"city":"Washington","timezone":"America/New_York","latitude":38.894,"longitude":-77.0365,"isp":"Cogent Communications


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              30192.168.11.205015434.111.24.14435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC815OUTGET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:35 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:35 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:35 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              31192.168.11.205393234.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 265
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC265OUTData Raw: 0a 86 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 48 0a 03 3b 09 01 10 e2 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 22 08 c9 34 12 1d 0a 19 50 6e 61 63 6c 54 72 61 6e 73 6c 61 74 69 6f 6e 43 61 63 68 65 53 69 7a 65 10 00 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557H;HealthCheckNF1(Z"4PnaclTranslationCacheSize`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:35 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              32192.168.11.205392834.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 273
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:35 UTC273OUTData Raw: 0a 8e 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 50 0a 03 3b 09 01 10 e2 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 2a 08 fc 44 12 0e 0a 0a 47 61 6d 65 72 53 63 6f 72 65 10 02 12 15 0a 11 47 61 6d 65 72 53 63 6f 72 65 56 65 72 73 69 6f 6e 10 04 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557P;HealthCheckNF1(Z*DGamerScoreGamerScoreVersion`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:36 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              33192.168.11.206418334.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 342
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC342OUTData Raw: 0a d3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 94 01 0a 03 3b 04 01 10 e2 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 6e 0a 1e 48 65 61 6c 74 68 43 68 65 63 6b 2f 4f 6e 62 6f 61 72 64 69 6e 67 2f 57 65 6c 63 6f 6d 65 12 1e 48 65 61 6c 74 68 43 68 65 63 6b 2f 4f 6e 62 6f 61 72 64 69 6e 67 2f 57 65 6c 63 6f 6d 65 1a 0a 08 80 f7 c9 b2 06 10 01 18 00 2a 09 08 00 10 00 1a 03 31 2d 61 32 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZnHealthCheck/Onboarding/WelcomeHealthCheck/Onboarding/Welcome*1-a2mmm_ccl_003_999_a8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:36 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              34192.168.11.206418240.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:36 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              35192.168.11.206418634.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 318
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC318OUTData Raw: 0a bb 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 7d 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 57 0a 13 55 70 64 61 74 65 4e 6f 74 69 66 69 63 61 74 69 6f 6e 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557};HealthCheckNF1(ZWUpdateNotificationsActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:36 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              36192.168.11.205859134.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 e4 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              37192.168.11.2051759104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:36 UTC579OUTGET /consent/831b8ee0-e952-49a5-af6b-01382c722774/OtAutoBlock.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              CF-Ray: 889ddb8bd85f82ea-IAD
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Age: 24547
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                              Expires: Mon, 27 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 20 Jun 2022 08:17:02 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Content-MD5: OjiXocbqAbrCiKradNtQtQ==
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-request-id: 2b3d6220-901e-0084-734e-794b82000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC467INData Raw: 35 32 34 33 0d 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 64 29 7b 76 61 72 20 67 3d 5b 5d 2c 61 3d 5b 5d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 66 6f 72 28 76 61 72 20 62 3d 7b 7d 2c 65 3d 30 3b 65 3c 7a 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 7b 76 61 72 20 68 3d 7a 5b 65 5d 3b 69 66 28 68 2e 54 61 67 3d 3d 3d 63 29 7b 62 3d 68 3b 62 72 65 61 6b 7d 76 61 72 20 6b 3d 28 72 3d 68 2e 54 61 67 2c 74 3d 78 3d 6c 3d 76 6f 69 64 20 30 2c 6c 3d 2d 31 21 3d 3d 28 74 3d 72 29 2e 69 6e 64 65 78 4f 66 28 22 68 74 74 70 3a 22 29 3f 74 2e 72 65 70 6c 61 63 65 28 22 68 74 74 70 3a 22 2c 22 22 29 3a 74 2e 72 65 70 6c 61 63 65 28 22 68 74 74 70 73 3a 22 2c 22 22 29 2c 2d 31 21 3d 3d 28 78 3d 6c 2e 69 6e 64 65 78 4f 66 28 22 3f 22 29 29 3f
                                                                                                                                                                                                                                                                                              Data Ascii: 5243!function(){function n(d){var g=[],a=[],f=function(c){for(var b={},e=0;e<z.length;e++){var h=z[e];if(h.Tag===c){b=h;break}var k=(r=h.Tag,t=x=l=void 0,l=-1!==(t=r).indexOf("http:")?t.replace("http:",""):t.replace("https:",""),-1!==(x=l.indexOf("?"))?
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 6f 6e 28 63 29 7b 76 61 72 20 62 3d 5b 5d 2c 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 61 22 29 3b 0a 6b 2e 68 72 65 66 3d 68 3b 68 3d 6b 2e 68 6f 73 74 6e 61 6d 65 2e 73 70 6c 69 74 28 22 2e 22 29 3b 72 65 74 75 72 6e 2d 31 21 3d 3d 68 2e 69 6e 64 65 78 4f 66 28 22 77 77 77 22 29 7c 7c 32 3c 68 2e 6c 65 6e 67 74 68 3f 68 2e 73 6c 69 63 65 28 31 29 2e 6a 6f 69 6e 28 22 2e 22 29 3a 6b 2e 68 6f 73 74 6e 61 6d 65 7d 28 63 29 3b 79 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 3d 3d 3d 65 7d 29 26 26 28 62 3d 5b 22 43 30 30 30 34 22 5d 29 3b 72 65 74 75 72 6e 20 62 7d 28 64 29 29 2c 7b 63 61 74 65 67 6f 72 79 49 64 73 3a 67 2c 76 73 43 61
                                                                                                                                                                                                                                                                                              Data Ascii: on(c){var b=[],e=function(h){var k=document.createElement("a");k.href=h;h=k.hostname.split(".");return-1!==h.indexOf("www")||2<h.length?h.slice(1).join("."):k.hostname}(c);y.some(function(h){return h===e})&&(b=["C0004"]);return b}(d)),{categoryIds:g,vsCa
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 70 61 72 73 65 28 27 5b 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 63 63 6c 65 61 6e 65 72 2e 73 70 65 65 64 74 65 73 74 63 75 73 74 6f 6d 2e 63 6f 6d 2f 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 69 6c 64 65 72 2d 75 70 6c 6f 61 64 2e 65 75 2f 74 68 75 6d 62 2f 32 65 30 66 66 65 2d 31 34 32 39 39 36 32 32 35 38 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 70 69 78 70 69 70 65 6c 69 6e 65 2e 63 6f 6d 2f 73 74 2f 30 64 38 37 31 32 38 32 38 37 37 38 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f
                                                                                                                                                                                                                                                                                              Data Ascii: parse('[{"Tag":"https://ccleaner.speedtestcustom.com/","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://www.bilder-upload.eu/thumb/2e0ffe-1429962258.jpg","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://pixpipeline.com/st/0d8712828778.jpg","Catego
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 70 6c 75 67 69 6e 73 2f 75 61 2f 65 63 2e 6a 73 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 32 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 74 72 2e 6f 75 74 62 72 61 69 6e 2e 63 6f 6d 2f 63 61 63 68 65 64 43 6c 69 63 6b 49 64 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 64 65 76 2e 76 69 73 75 61 6c 77 65 62 73 69 74 65 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ,"CategoryId":["C0004"],"Vendor":null},{"Tag":"https://www.google-analytics.com/plugins/ua/ec.js","CategoryId":["C0002"],"Vendor":null},{"Tag":"https://tr.outbrain.com/cachedClickId","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://dev.visualwebsiteo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 67 22 3a 22 68 74 74 70 3a 2f 2f 6c 65 63 6b 74 72 6f 6e 69 78 2e 63 6f 6d 2f 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 69 6c 64 65 72 2d 75 70 6c 6f 61 64 2e 65 75 2f 74 68 75 6d 62 2f 37 39 66 36 31 38 2d 31 34 33 39 32 30 33 38 35 35 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 64 65 76 2e 76 69 73 75 61 6c 77 65 62 73 69 74 65 6f 70 74 69 6d 69 7a 65 72 2e 63 6f 6d 2f 6a 2e 70 68 70 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 32 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e
                                                                                                                                                                                                                                                                                              Data Ascii: g":"http://lecktronix.com/","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://www.bilder-upload.eu/thumb/79f618-1439203855.jpg","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://dev.visualwebsiteoptimizer.com/j.php","CategoryId":["C0002"],"Vendor":n
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 6f 6e 70 69 74 63 68 65 72 70 68 6f 74 6f 67 72 61 70 68 79 2e 63 6f 6d 2f 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 6d 79 2e 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 7e 70 72 67 61 75 6c 74 2f 67 69 72 6c 66 69 67 68 74 2e 67 69 66 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 70 6c 75 67 69 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: Id":["C0004"],"Vendor":null},{"Tag":"http://www.donpitcherphotography.com/","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://my.xfinity.com/~prgault/girlfight.gif","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://www.google-analytics.com/plugins
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 22 43 30 30 30 32 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 70 69 78 65 6c 2e 71 75 61 6e 74 73 65 72 76 65 2e 63 6f 6d 2f 70 69 78 65 6c 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 63 6f 6e 6e 65 63 74 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 2f 73 69 67 6e 61 6c 73 2f 63 6f 6e 66 69 67 2f 32 36 37 39 34 37 35 33 34 35 37 30 38 31 30 31 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 66 6f 72 75 6d 73 2e 6c 75 6e 61 72 73 6f 66 74 2e 6e 65 74 2f 22 2c 22 43
                                                                                                                                                                                                                                                                                              Data Ascii: "C0002"],"Vendor":null},{"Tag":"https://pixel.quantserve.com/pixel","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://connect.facebook.net/signals/config/2679475345708101","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://forums.lunarsoft.net/","C
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 74 72 2f 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 69 6c 64 65 72 2d 75 70 6c 6f 61 64 2e 65 75 2f 74 68 75 6d 62 2f 64 63 64 65 37 32 2d 31 34 33 39 30 34 39 32 39 33 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 63 63 6c 65 61 6e 65 72 63 6f 6d 2d 70 72 6f 64 75 63
                                                                                                                                                                                                                                                                                              Data Ascii: pg","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://www.facebook.com/tr/","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://www.bilder-upload.eu/thumb/dcde72-1439049293.jpg","CategoryId":["C0004"],"Vendor":null},{"Tag":"https://ccleanercom-produc
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 75 62 65 2e 63 6f 6d 2f 65 6d 62 65 64 2f 61 4c 4f 38 64 5a 30 72 34 70 51 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 32 22 2c 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 73 3a 2f 2f 64 6f 64 61 6a 2e 72 73 2f 66 2f 33 38 2f 68 34 2f 33 6e 42 78 48 6a 76 73 2f 73 70 65 63 63 79 2e 70 6e 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 64 6f 67 70 72 6f 64 75 63 74 73 68 6f 70 2e 63 6f 2e 75 6b 2f 73 6d 69 6c 65 2f 68 61 70 70 79 2f 68 61 70 70 79 30 30 30 35 2e 67 69 66 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 35 22 5d 2c
                                                                                                                                                                                                                                                                                              Data Ascii: ube.com/embed/aLO8dZ0r4pQ","CategoryId":["C0002","C0004"],"Vendor":null},{"Tag":"https://dodaj.rs/f/38/h4/3nBxHjvs/speccy.png","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://www.dogproductshop.co.uk/smile/happy/happy0005.gif","CategoryId":["C0005"],
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 61 62 33 64 33 61 65 61 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 35 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 69 6c 64 65 72 2d 75 70 6c 6f 61 64 2e 65 75 2f 74 68 75 6d 62 2f 65 66 65 65 31 38 2d 31 34 34 34 32 35 37 37 35 31 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f 2f 70 69 78 70 69 70 65 6c 69 6e 65 2e 63 6f 6d 2f 73 74 2f 38 38 33 34 64 66 65 62 38 61 61 33 2e 6a 70 67 22 2c 22 43 61 74 65 67 6f 72 79 49 64 22 3a 5b 22 43 30 30 30 34 22 5d 2c 22 56 65 6e 64 6f 72 22 3a 6e 75 6c 6c 7d 2c 7b 22 54 61 67 22 3a 22 68 74 74 70 3a 2f
                                                                                                                                                                                                                                                                                              Data Ascii: ab3d3aea","CategoryId":["C0005"],"Vendor":null},{"Tag":"http://www.bilder-upload.eu/thumb/efee18-1444257751.jpg","CategoryId":["C0004"],"Vendor":null},{"Tag":"http://pixpipeline.com/st/8834dfeb8aa3.jpg","CategoryId":["C0004"],"Vendor":null},{"Tag":"http:/


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              38192.168.11.205176034.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 310
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC310OUTData Raw: 0a b3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 75 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4f 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557u;HealthCheckNF1(ZOAutoUpdatesActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              39192.168.11.2060021104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC548OUTGET /scripttemplates/otSDKStub.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC815INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: Dw6K+rTuf8kOuPIEBw1QQA==
                                                                                                                                                                                                                                                                                              Last-Modified: Thu, 23 May 2024 06:07:35 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: 45f801e8-701e-0062-802b-ad06b1000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 74068
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddb8d1818173d-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC554INData Raw: 35 32 65 65 0d 0a 76 61 72 20 4f 6e 65 54 72 75 73 74 53 74 75 62 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 61 2c 6f 2c 70 3d 6e 65 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 70 74 61 6e 6f 6e 43 6f 6f 6b 69 65 4e 61 6d 65 3d 22 4f 70 74 61 6e 6f 6e 43 6f 6e 73 65 6e 74 22 2c 74 68 69 73 2e 6f 70 74 61 6e 6f 6e 48 74 6d 6c 47 72 6f 75 70 44 61 74 61 3d 5b 5d 2c 74 68 69 73 2e 6f 70 74 61 6e 6f 6e 48 6f 73 74 44 61 74 61 3d 5b 5d 2c 74 68 69 73 2e 67 65 6e 56 65 6e 64 6f 72 73 44 61 74 61 3d 5b 5d 2c 74 68 69 73 2e 76 65 6e 64 6f 72 73 53 65 72 76 69 63 65 44 61 74 61 3d 5b 5d 2c 74 68 69 73 2e 49 41 42 43 6f 6f 6b 69 65 56 61 6c 75 65 3d 22 22 2c 74 68 69 73 2e 6f 6e 65 54 72 75 73 74 49 41 42
                                                                                                                                                                                                                                                                                              Data Ascii: 52eevar OneTrustStub=function(t){"use strict";var a,o,p=new function(){this.optanonCookieName="OptanonConsent",this.optanonHtmlGroupData=[],this.optanonHostData=[],this.genVendorsData=[],this.vendorsServiceData=[],this.IABCookieValue="",this.oneTrustIAB
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 48 52 22 2c 22 4c 49 22 2c 22 4e 4f 22 2c 22 49 53 22 5d 2c 74 68 69 73 2e 73 74 75 62 46 69 6c 65 4e 61 6d 65 3d 22 6f 74 53 44 4b 53 74 75 62 22 2c 74 68 69 73 2e 44 41 54 41 46 49 4c 45 41 54 54 52 49 42 55 54 45 3d 22 64 61 74 61 2d 64 6f 6d 61 69 6e 2d 73 63 72 69 70 74 22 2c 74 68 69 73 2e 62 61 6e 6e 65 72 53 63 72 69 70 74 4e 61 6d 65 3d 22 6f 74 42 61 6e 6e 65 72 53 64 6b 2e 6a 73 22 2c 74 68 69 73 2e 6d 6f 62 69 6c 65 4f 6e 6c 69 6e 65 55 52 4c 3d 5b 5d 2c 74 68 69 73 2e 69 73 4d 69 67 72 61 74 65 64 55 52 4c 3d 21 31 2c 74 68 69 73 2e 6d 69 67 72 61 74 65 64 43 43 54 49 44 3d 22 5b 5b 4f 6c 64 43 43 54 49 44 5d 5d 22 2c 74 68 69 73 2e 6d 69 67 72 61 74 65 64 44 6f 6d 61 69 6e 49 64 3d 22 5b 5b 4e 65 77 44 6f 6d 61 69 6e 49 64 5d 5d 22 2c 74 68
                                                                                                                                                                                                                                                                                              Data Ascii: HR","LI","NO","IS"],this.stubFileName="otSDKStub",this.DATAFILEATTRIBUTE="data-domain-script",this.bannerScriptName="otBannerSdk.js",this.mobileOnlineURL=[],this.isMigratedURL=!1,this.migratedCCTID="[[OldCCTID]]",this.migratedDomainId="[[NewDomainId]]",th
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 68 69 73 2e 63 61 6d 65 6c 69 7a 65 28 61 5b 30 5d 29 5d 3d 61 5b 31 5d 2e 74 72 69 6d 28 29 7d 72 65 74 75 72 6e 20 65 7d 2c 65 29 3b 66 75 6e 63 74 69 6f 6e 20 65 28 29 7b 76 61 72 20 74 3d 74 68 69 73 3b 74 68 69 73 2e 69 6d 70 6c 65 6d 65 6e 74 54 68 65 50 6f 6c 79 66 69 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 2c 6f 3d 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 3b 72 65 74 75 72 6e 20 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 69 66 28 22 73 74 79 6c 65 22 21 3d 3d 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 26 26 6f 2e 61 70 70 6c 79 28 74 68 69 73 2c 5b 74 2c 65 5d 29 2c 22 73 74 79 6c 65
                                                                                                                                                                                                                                                                                              Data Ascii: his.camelize(a[0])]=a[1].trim()}return e},e);function e(){var t=this;this.implementThePolyfill=function(){var a=t,o=Element.prototype.setAttribute;return Element.prototype.setAttribute=function(t,e){if("style"!==t.toLowerCase()&&o.apply(this,[t,e]),"style
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 6f 76 65 47 70 70 41 70 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 73 2e 77 69 6e 2e 5f 5f 67 70 70 3b 76 61 72 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 69 66 72 61 6d 65 5b 6e 61 6d 65 3d 22 2b 73 2e 4c 4f 43 41 54 4f 52 5f 4e 41 4d 45 2b 22 5d 22 29 5b 30 5d 3b 74 26 26 74 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 72 65 6d 6f 76 65 43 68 69 6c 64 28 74 29 7d 2c 74 68 69 73 2e 65 78 65 63 75 74 65 47 70 70 41 70 69 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 65 3d 30 3b 65 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 65 2b 2b 29 74 5b 65 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 65 5d 3b 76 61 72 20 69 3d 6e 75 6c 6c 3d 3d 28 69 3d 73 2e 77 69 6e 29 3f
                                                                                                                                                                                                                                                                                              Data Ascii: oveGppApi=function(){delete s.win.__gpp;var t=document.querySelectorAll("iframe[name="+s.LOCATOR_NAME+"]")[0];t&&t.parentElement.removeChild(t)},this.executeGppApi=function(){for(var t=[],e=0;e<arguments.length;e++)t[e]=arguments[e];var i=null==(i=s.win)?
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 6e 61 6d 65 3d 74 2c 65 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 69 74 6c 65 22 2c 22 47 50 50 20 4c 6f 63 61 74 6f 72 22 29 2c 69 2e 62 6f 64 79 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 65 29 29 3a 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 73 2e 61 64 64 46 72 61 6d 65 28 74 29 7d 2c 35 29 29 2c 21 6e 7d 2c 74 68 69 73 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 69 2c 6e 3d 73 2e 77 69 6e 2e 5f 5f 67 70 70 3b 72 65 74 75 72 6e 20 6e 2e 65 76 65 6e 74 73 3d 6e 2e 65 76 65 6e 74 73 7c 7c 5b 5d 2c 6e 75 6c 6c 21 3d 28 69 3d 6e 29 26 26 69 2e 6c 61 73 74 49 64 7c 7c 28 6e 2e 6c 61 73 74 49 64 3d 30 29 2c 6e 2e 6c 61 73 74 49 64 2b 2b 2c 6e 2e 65 76 65 6e 74 73 2e 70
                                                                                                                                                                                                                                                                                              Data Ascii: name=t,e.setAttribute("title","GPP Locator"),i.body.appendChild(e)):setTimeout(function(){s.addFrame(t)},5)),!n},this.addEventListener=function(t,e){var i,n=s.win.__gpp;return n.events=n.events||[],null!=(i=n)&&i.lastId||(n.lastId=0),n.lastId++,n.events.p
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 63 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6e 6f 6e 63 65 3d 70 2e 73 74 75 62 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 2e 6e 6f 6e 63 65 7c 7c 70 2e 73 74 75 62 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 6f 6e 63 65 22 29 7c 7c 6e 75 6c 6c 7d 2c 68 2e 70 72 6f 74 6f 74 79 70 65 2e 66 65 74 63 68 42 61 6e 6e 65 72 53 44 4b 44 65 70 65 6e 64 65 6e 63 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 73 65 74 44 6f 6d 61 69 6e 44 61 74 61 46 69 6c 65 55 52 4c 28 29 2c 74 68 69 73 2e 63 72 6f 73 73 4f 72 69 67 69 6e 3d 70 2e 73 74 75 62 53 63 72 69 70 74 45 6c 65 6d 65 6e 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 72 6f 73 73 6f 72 69 67 69 6e 22 29 7c 7c 6e 75 6c 6c 2c 74 68 69 73 2e 70 72
                                                                                                                                                                                                                                                                                              Data Ascii: ce=function(){this.nonce=p.stubScriptElement.nonce||p.stubScriptElement.getAttribute("nonce")||null},h.prototype.fetchBannerSDKDependency=function(){this.setDomainDataFileURL(),this.crossOrigin=p.stubScriptElement.getAttribute("crossorigin")||null,this.pr
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 70 6f 6e 73 65 2c 74 68 69 73 2e 73 65 74 47 65 6f 4c 6f 63 61 74 69 6f 6e 28 69 2e 63 6f 75 6e 74 72 79 43 6f 64 65 2c 69 2e 73 74 61 74 65 43 6f 64 65 29 2c 74 68 69 73 2e 61 64 64 42 61 6e 6e 65 72 53 44 4b 53 63 72 69 70 74 28 74 29 29 3a 28 69 3d 74 68 69 73 2e 72 65 61 64 43 6f 6f 6b 69 65 50 61 72 61 6d 28 70 2e 6f 70 74 61 6e 6f 6e 43 6f 6f 6b 69 65 4e 61 6d 65 2c 70 2e 67 65 6f 6c 6f 63 61 74 69 6f 6e 43 6f 6f 6b 69 65 73 50 61 72 61 6d 29 29 7c 7c 74 2e 53 6b 69 70 47 65 6f 6c 6f 63 61 74 69 6f 6e 3f 28 65 3d 69 2e 73 70 6c 69 74 28 22 3b 22 29 5b 30 5d 2c 69 3d 69 2e 73 70 6c 69 74 28 22 3b 22 29 5b 31 5d 2c 74 68 69 73 2e 73 65 74 47 65 6f 4c 6f 63 61 74 69 6f 6e 28 65 2c 69 29 2c 74 68 69 73 2e 61 64 64 42 61 6e 6e 65 72 53 44 4b 53 63 72 69
                                                                                                                                                                                                                                                                                              Data Ascii: ponse,this.setGeoLocation(i.countryCode,i.stateCode),this.addBannerSDKScript(t)):(i=this.readCookieParam(p.optanonCookieName,p.geolocationCookiesParam))||t.SkipGeolocation?(e=i.split(";")[0],i=i.split(";")[1],this.setGeoLocation(e,i),this.addBannerSDKScri
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 65 29 7b 70 2e 75 73 65 72 4c 6f 63 61 74 69 6f 6e 3d 7b 63 6f 75 6e 74 72 79 3a 74 2c 73 74 61 74 65 3a 65 3d 76 6f 69 64 20 30 3d 3d 3d 65 3f 22 22 3a 65 7d 7d 2c 68 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 74 46 65 74 63 68 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 69 2c 65 2c 6e 2c 61 29 7b 76 6f 69 64 20 30 3d 3d 3d 65 26 26 28 65 3d 21 31 29 2c 76 6f 69 64 20 30 3d 3d 3d 6e 26 26 28 6e 3d 6e 75 6c 6c 29 3b 76 61 72 20 6f 3d 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 26 26 77 69 6e 64 6f 77 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 2e 67 65 74 49 74 65 6d 28 22 6f 74 50 72 65 76 69 65 77 44 61 74 61 22 29 3b 69 66 28 6e 65 77 20 52 65 67 45 78 70 28 22 5e 66 69 6c 65 3a 2f 2f 22 2c 22 69 22 29 2e 74 65 73 74 28 74 29 29 74 68 69 73 2e 6f
                                                                                                                                                                                                                                                                                              Data Ascii: e){p.userLocation={country:t,state:e=void 0===e?"":e}},h.prototype.otFetch=function(t,i,e,n,a){void 0===e&&(e=!1),void 0===n&&(n=null);var o=window.sessionStorage&&window.sessionStorage.getItem("otPreviewData");if(new RegExp("^file://","i").test(t))this.o
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 6f 6e 2c 6f 3d 74 2e 52 75 6c 65 53 65 74 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 21 30 3d 3d 3d 74 2e 44 65 66 61 75 6c 74 7d 29 3b 69 66 28 21 61 2e 63 6f 75 6e 74 72 79 26 26 21 61 2e 73 74 61 74 65 29 72 65 74 75 72 6e 20 6f 26 26 30 3c 6f 2e 6c 65 6e 67 74 68 3f 6f 5b 30 5d 3a 6e 75 6c 6c 3b 66 6f 72 28 76 61 72 20 73 3d 61 2e 73 74 61 74 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 72 3d 61 2e 63 6f 75 6e 74 72 79 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 2c 75 3d 30 3b 75 3c 74 2e 52 75 6c 65 53 65 74 2e 6c 65 6e 67 74 68 3b 75 2b 2b 29 69 66 28 21 30 3d 3d 3d 74 2e 52 75 6c 65 53 65 74 5b 75 5d 2e 47 6c 6f 62 61 6c 29 6e 3d 74 2e 52 75 6c 65 53 65 74 5b 75 5d 3b 65 6c 73 65 7b 76 61 72 20 6c 3d 74 2e 52 75
                                                                                                                                                                                                                                                                                              Data Ascii: on,o=t.RuleSet.filter(function(t){return!0===t.Default});if(!a.country&&!a.state)return o&&0<o.length?o[0]:null;for(var s=a.state.toLowerCase(),r=a.country.toLowerCase(),u=0;u<t.RuleSet.length;u++)if(!0===t.RuleSet[u].Global)n=t.RuleSet[u];else{var l=t.Ru
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC1369INData Raw: 74 43 6f 6f 6b 69 65 28 70 2e 6f 6e 65 54 72 75 73 74 49 41 42 43 6f 6f 6b 69 65 4e 61 6d 65 29 29 3a 70 2e 69 73 53 74 75 62 52 65 61 64 79 3d 21 31 7d 2c 68 2e 70 72 6f 74 6f 74 79 70 65 2e 76 61 6c 69 64 61 74 65 49 41 42 47 44 50 52 41 70 70 6c 69 65 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 74 68 69 73 2e 72 65 61 64 43 6f 6f 6b 69 65 50 61 72 61 6d 28 70 2e 6f 70 74 61 6e 6f 6e 43 6f 6f 6b 69 65 4e 61 6d 65 2c 70 2e 67 65 6f 6c 6f 63 61 74 69 6f 6e 43 6f 6f 6b 69 65 73 50 61 72 61 6d 29 2e 73 70 6c 69 74 28 22 3b 22 29 5b 30 5d 3b 74 3f 74 68 69 73 2e 69 73 42 6f 6f 6c 65 61 6e 28 74 29 3f 70 2e 6f 6e 65 54 72 75 73 74 49 41 42 67 64 70 72 41 70 70 6c 69 65 73 47 6c 6f 62 61 6c 6c 79 3d 22 74 72 75 65 22 3d 3d 3d 74 3a 70 2e 6f 6e 65
                                                                                                                                                                                                                                                                                              Data Ascii: tCookie(p.oneTrustIABCookieName)):p.isStubReady=!1},h.prototype.validateIABGDPRApplied=function(){var t=this.readCookieParam(p.optanonCookieName,p.geolocationCookiesParam).split(";")[0];t?this.isBoolean(t)?p.oneTrustIABgdprAppliesGlobally="true"===t:p.one


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              40192.168.11.206002234.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 342
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC342OUTData Raw: 0a d3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 94 01 0a 03 3b 04 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 6e 0a 1e 50 6f 70 75 70 2f 70 6f 73 74 69 6e 73 74 61 6c 6c 2f 67 65 74 74 69 6e 67 72 65 61 64 79 12 1e 50 6f 70 75 70 2f 70 6f 73 74 69 6e 73 74 61 6c 6c 2f 67 65 74 74 69 6e 67 72 65 61 64 79 1a 0a 08 80 f7 c9 b2 06 10 01 18 00 2a 09 08 00 10 00 1a 03 31 2d 61 32 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZnPopup/postinstall/gettingreadyPopup/postinstall/gettingready*1-a2mmm_ccl_003_999_a8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              41192.168.11.206002534.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 309
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC309OUTData Raw: 0a b2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 74 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4e 0a 0a 53 6d 61 72 74 43 6c 65 61 6e 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557t;HealthCheckNF1(ZNSmartCleanActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:37 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              42192.168.11.204937534.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 320
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:37 UTC320OUTData Raw: 0a bd 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 7f 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 59 0a 15 53 6d 61 72 74 43 6c 65 61 6e 3a 4a 75 6e 6b 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZYSmartClean:JunkAlertsActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/1
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              43192.168.11.204937634.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 318
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC318OUTData Raw: 0a bb 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 7d 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 57 0a 13 55 70 64 61 74 65 4e 6f 74 69 66 69 63 61 74 69 6f 6e 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557};HealthCheckNF1(ZWUpdateNotificationsActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              44192.168.11.206041234.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 18 53 6d 61 72 74 43 6c 65 61 6e 3a 42 72 6f 77 73 65 72 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 03 6f 66 66 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]SmartClean:BrowserAlertsActivationoff (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              45192.168.11.206041534.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 310
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC310OUTData Raw: 0a b3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 75 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4f 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557u;HealthCheckNF1(ZOAutoUpdatesActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              46192.168.11.206041634.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 306
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC306OUTData Raw: 0a af 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 71 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4b 0a 07 53 6b 69 70 55 41 43 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557q;HealthCheckNF1(ZKSkipUACActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build 190
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              47192.168.11.2062574104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:38 UTC636OUTGET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              CF-Ray: 889ddb9878a70949-IAD
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Age: 61420
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                              Expires: Mon, 27 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 20 Jun 2022 08:17:01 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Content-MD5: +ktymhPnSWqyEqeVb81i+w==
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-request-id: cf7914a9-901e-005f-4057-798dbf000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC467INData Raw: 66 65 63 0d 0a 7b 22 43 6f 6f 6b 69 65 53 50 41 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 4d 75 6c 74 69 56 61 72 69 61 6e 74 54 65 73 74 69 6e 67 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 55 73 65 56 32 22 3a 74 72 75 65 2c 22 4d 6f 62 69 6c 65 53 44 4b 22 3a 66 61 6c 73 65 2c 22 53 6b 69 70 47 65 6f 6c 6f 63 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 63 72 69 70 74 54 79 70 65 22 3a 22 50 52 4f 44 55 43 54 49 4f 4e 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 36 2e 33 36 2e 30 22 2c 22 4f 70 74 61 6e 6f 6e 44 61 74 61 4a 53 4f 4e 22 3a 22 38 33 31 62 38 65 65 30 2d 65 39 35 32 2d 34 39 61 35 2d 61 66 36 62 2d 30 31 33 38 32 63 37 32 32 37 37 34 22 2c 22 47 65 6f 6c 6f 63 61 74 69 6f 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 6f 6c 6f 63
                                                                                                                                                                                                                                                                                              Data Ascii: fec{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"PRODUCTION","Version":"6.36.0","OptanonDataJSON":"831b8ee0-e952-49a5-af6b-01382c722774","GeolocationUrl":"https://geoloc
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC1369INData Raw: 44 50 52 29 22 2c 22 43 6f 75 6e 74 72 69 65 73 22 3a 5b 22 70 72 22 2c 22 70 73 22 2c 22 70 77 22 2c 22 70 79 22 2c 22 71 61 22 2c 22 61 64 22 2c 22 61 65 22 2c 22 61 66 22 2c 22 61 67 22 2c 22 61 69 22 2c 22 61 6c 22 2c 22 61 6d 22 2c 22 61 6f 22 2c 22 61 71 22 2c 22 61 72 22 2c 22 61 73 22 2c 22 61 75 22 2c 22 61 77 22 2c 22 61 7a 22 2c 22 62 61 22 2c 22 62 62 22 2c 22 72 73 22 2c 22 62 64 22 2c 22 72 75 22 2c 22 62 66 22 2c 22 72 77 22 2c 22 62 68 22 2c 22 62 69 22 2c 22 62 6a 22 2c 22 62 6c 22 2c 22 62 6d 22 2c 22 62 6e 22 2c 22 62 6f 22 2c 22 73 61 22 2c 22 62 71 22 2c 22 73 62 22 2c 22 62 72 22 2c 22 73 63 22 2c 22 62 73 22 2c 22 73 64 22 2c 22 62 74 22 2c 22 62 76 22 2c 22 73 67 22 2c 22 73 68 22 2c 22 62 77 22 2c 22 62 79 22 2c 22 73 6a 22 2c 22
                                                                                                                                                                                                                                                                                              Data Ascii: DPR)","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","br","sc","bs","sd","bt","bv","sg","sh","bw","by","sj","
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC1369INData Raw: 44 50 52 20 74 65 6d 70 6c 61 74 65 2e 22 2c 22 43 6f 6e 64 69 74 69 6f 6e 73 22 3a 5b 5d 2c 22 47 43 45 6e 61 62 6c 65 22 3a 66 61 6c 73 65 7d 2c 7b 22 49 64 22 3a 22 32 36 62 65 64 30 30 37 2d 36 63 37 30 2d 34 64 61 37 2d 62 38 33 30 2d 32 35 65 32 35 63 36 34 34 33 33 36 22 2c 22 4e 61 6d 65 22 3a 22 49 72 65 6c 61 6e 64 20 28 41 6c 6c 20 4f 70 74 2d 69 6e 29 22 2c 22 43 6f 75 6e 74 72 69 65 73 22 3a 5b 22 69 65 22 5d 2c 22 53 74 61 74 65 73 22 3a 7b 7d 2c 22 4c 61 6e 67 75 61 67 65 53 77 69 74 63 68 65 72 50 6c 61 63 65 68 6f 6c 64 65 72 22 3a 7b 22 64 65 22 3a 22 64 65 22 2c 22 64 65 66 61 75 6c 74 22 3a 22 65 6e 22 2c 22 72 75 22 3a 22 72 75 22 2c 22 70 74 22 3a 22 70 74 22 2c 22 69 74 22 3a 22 69 74 22 2c 22 66 72 22 3a 22 66 72 22 2c 22 65 73 22
                                                                                                                                                                                                                                                                                              Data Ascii: DPR template.","Conditions":[],"GCEnable":false},{"Id":"26bed007-6c70-4da7-b830-25e25c644336","Name":"Ireland (All Opt-in)","Countries":["ie"],"States":{},"LanguageSwitcherPlaceholder":{"de":"de","default":"en","ru":"ru","pt":"pt","it":"it","fr":"fr","es"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC878INData Raw: 30 38 3a 31 37 3a 30 30 2e 38 33 37 32 31 37 22 2c 22 63 6d 70 49 64 22 3a 22 32 38 22 2c 22 63 6d 70 56 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 63 6f 6e 73 65 6e 74 53 63 72 65 65 6e 22 3a 22 31 22 2c 22 63 6f 6e 73 65 6e 74 4c 61 6e 67 75 61 67 65 22 3a 6e 75 6c 6c 2c 22 76 65 6e 64 6f 72 4c 69 73 74 56 65 72 73 69 6f 6e 22 3a 30 2c 22 6d 61 78 56 65 6e 64 6f 72 49 64 22 3a 30 2c 22 65 6e 63 6f 64 69 6e 67 54 79 70 65 22 3a 22 30 22 2c 22 67 6c 6f 62 61 6c 56 65 6e 64 6f 72 4c 69 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6f 6b 69 65 6c 61 77 2e 6f 72 67 2f 76 65 6e 64 6f 72 6c 69 73 74 2f 69 61 62 32 44 61 74 61 2e 6a 73 6f 6e 22 7d 2c 22 47 6f 6f 67 6c 65 44 61 74 61 22 3a 7b 22 76 65 6e 64 6f 72 4c 69 73 74 56 65 72 73 69 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: 08:17:00.837217","cmpId":"28","cmpVersion":"1","consentScreen":"1","consentLanguage":null,"vendorListVersion":0,"maxVendorId":0,"encodingType":"0","globalVendorListUrl":"https://cdn.cookielaw.org/vendorlist/iab2Data.json"},"GoogleData":{"vendorListVersion
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              48192.168.11.206503934.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 309
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC309OUTData Raw: 0a b2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 74 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4e 0a 0a 53 6d 61 72 74 43 6c 65 61 6e 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557t;HealthCheckNF1(ZNSmartCleanActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              49192.168.11.20561313.162.125.204432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC563OUTGET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: widget.trustpilot.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC671INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Content-Length: 6759
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Last-Modified: Thu, 26 Oct 2023 12:27:20 GMT
                                                                                                                                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Server: AmazonS3
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              ETag: "15864ce88fa79a3e954417d0c3396798"
                                                                                                                                                                                                                                                                                              X-Cache: RefreshHit from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 25dd17c88d0158942eb6f00c94f5f0c0.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD61-P3
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: 7YtyIxiHMQULF7PIOX7XrT-S9Lh24UrAlDfh_7XdnAJHe2IuAofFgw==
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC6759INData Raw: 1f 8b 08 00 00 00 00 00 04 00 ed 5c eb 52 e3 48 96 fe 3f 4f 61 34 b1 6e 69 49 84 cd 1d b9 14 4c 15 45 4f b3 51 14 15 14 dd bd b3 2c 41 c8 56 da 64 b7 ac f4 48 e9 a2 68 e3 27 db 1f fb 48 fb 0a 7b 4e de 94 b2 25 a0 7a 66 22 66 23 b6 a3 a3 90 f2 9e 27 cf e5 3b 27 8f fc 3f ff f5 df 1b e3 79 3e 12 8c e7 9d dc e7 a4 24 45 b0 b0 25 89 2f 08 0d 16 6c ec 6f 94 37 e2 56 3d 71 f9 f4 25 29 3a 2c f6 4c 53 2f 8e c5 e3 8c f2 71 a7 a0 7f 9d b3 82 76 bb fa 61 80 7d e0 95 05 05 15 f3 22 ef 30 18 74 a3 17 60 79 66 ca 32 5d 26 ee 0b fe e0 d3 38 a7 0f 9d b3 a2 e0 85 ef 9d 26 79 ce 45 67 cc f2 b4 33 e5 e9 3c a3 9d ef bc 4d b1 e9 7d e7 05 41 38 e2 29 8d bd 8b cb f7 3f 7e 38 bb fb 78 79 7d f7 fd e5 8f 1f df 7b 84 2e 59 8c 4b 8e 17 f4 eb 8c 17 a2 8c 16 cb 25 c1 a5 df f4 6e c3 51
                                                                                                                                                                                                                                                                                              Data Ascii: \RH?Oa4niILEOQ,AVdHh'H{N%zf"f#';'?y>$E%/lo7V=q%):,LS/qva}"0t`yf2]&8&yEg3<M}A8)?~8xy}{.YK%nQ


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              50192.168.11.2056009142.251.16.1054432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC701OUTGET /recaptcha/api.js?onload=ccleaner_recaptcha_onloadCallback&render=explicit HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC528INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: text/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              Expires: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: private, max-age=300
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                                                                                              Content-Security-Policy: frame-ancestors 'self'
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Server: GSE
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Accept-Ranges: none
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC727INData Raw: 35 64 34 0d 0a 2f 2a 20 50 4c 45 41 53 45 20 44 4f 20 4e 4f 54 20 43 4f 50 59 20 41 4e 44 20 50 41 53 54 45 20 54 48 49 53 20 43 4f 44 45 2e 20 2a 2f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 77 3d 77 69 6e 64 6f 77 2c 43 3d 27 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 27 2c 63 66 67 3d 77 5b 43 5d 3d 77 5b 43 5d 7c 7c 7b 7d 2c 4e 3d 27 67 72 65 63 61 70 74 63 68 61 27 3b 76 61 72 20 67 72 3d 77 5b 4e 5d 3d 77 5b 4e 5d 7c 7c 7b 7d 3b 67 72 2e 72 65 61 64 79 3d 67 72 2e 72 65 61 64 79 7c 7c 66 75 6e 63 74 69 6f 6e 28 66 29 7b 28 63 66 67 5b 27 66 6e 73 27 5d 3d 63 66 67 5b 27 66 6e 73 27 5d 7c 7c 5b 5d 29 2e 70 75 73 68 28 66 29 3b 7d 3b 77 5b 27 5f 5f 72 65 63 61 70 74 63 68 61 5f 61 70 69 27 5d 3d 27 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67
                                                                                                                                                                                                                                                                                              Data Ascii: 5d4/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};w['__recaptcha_api']='https://www.g
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC772INData Raw: 4c 32 64 76 62 32 64 73 5a 53 35 6a 62 32 30 36 4e 44 51 7a 49 69 77 69 5a 6d 56 68 64 48 56 79 5a 53 49 36 49 6b 52 70 63 32 46 69 62 47 56 55 61 47 6c 79 5a 46 42 68 63 6e 52 35 55 33 52 76 63 6d 46 6e 5a 56 42 68 63 6e 52 70 64 47 6c 76 62 6d 6c 75 5a 79 49 73 49 6d 56 34 63 47 6c 79 65 53 49 36 4d 54 63 79 4e 54 51 77 4e 7a 6b 35 4f 53 77 69 61 58 4e 54 64 57 4a 6b 62 32 31 68 61 57 34 69 4f 6e 52 79 64 57 55 73 49 6d 6c 7a 56 47 68 70 63 6d 52 51 59 58 4a 30 65 53 49 36 64 48 4a 31 5a 58 30 3d 27 3b 69 66 28 76 26 26 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 29 7b 76 2e 63 6f 6f 6b 69 65 44 65 70 72 65 63 61 74 69 6f 6e 4c 61 62 65 6c 2e 67 65 74 56 61 6c 75 65 28 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b
                                                                                                                                                                                                                                                                                              Data Ascii: L2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IkRpc2FibGVUaGlyZFBhcnR5U3RvcmFnZVBhcnRpdGlvbmluZyIsImV4cGlyeSI6MTcyNTQwNzk5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=';if(v&&v.cookieDeprecationLabel){v.cookieDeprecationLabel.getValue().then(function(l){
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              51192.168.11.206503840.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:38 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              52192.168.11.205455434.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 0c 63 63 36 20 72 65 73 65 61 72 63 68 12 09 44 65 74 65 63 74 69 6f 6e 1a 10 77 65 62 76 69 65 77 32 20 3a 3a 20 6e 75 6c 6c 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]cc6 researchDetectionwebview2 :: null (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              53192.168.11.2051608104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC430OUTGET /consent/831b8ee0-e952-49a5-af6b-01382c722774/831b8ee0-e952-49a5-af6b-01382c722774.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              CF-Ray: 889ddb9b6a4e0674-IAD
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Age: 69455
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                              Expires: Mon, 27 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 20 Jun 2022 08:17:01 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Content-MD5: +ktymhPnSWqyEqeVb81i+w==
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-request-id: ce112a14-f01e-0004-2e08-7cb484000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC467INData Raw: 66 65 63 0d 0a 7b 22 43 6f 6f 6b 69 65 53 50 41 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 4d 75 6c 74 69 56 61 72 69 61 6e 74 54 65 73 74 69 6e 67 45 6e 61 62 6c 65 64 22 3a 66 61 6c 73 65 2c 22 55 73 65 56 32 22 3a 74 72 75 65 2c 22 4d 6f 62 69 6c 65 53 44 4b 22 3a 66 61 6c 73 65 2c 22 53 6b 69 70 47 65 6f 6c 6f 63 61 74 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 53 63 72 69 70 74 54 79 70 65 22 3a 22 50 52 4f 44 55 43 54 49 4f 4e 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 36 2e 33 36 2e 30 22 2c 22 4f 70 74 61 6e 6f 6e 44 61 74 61 4a 53 4f 4e 22 3a 22 38 33 31 62 38 65 65 30 2d 65 39 35 32 2d 34 39 61 35 2d 61 66 36 62 2d 30 31 33 38 32 63 37 32 32 37 37 34 22 2c 22 47 65 6f 6c 6f 63 61 74 69 6f 6e 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 67 65 6f 6c 6f 63
                                                                                                                                                                                                                                                                                              Data Ascii: fec{"CookieSPAEnabled":false,"MultiVariantTestingEnabled":false,"UseV2":true,"MobileSDK":false,"SkipGeolocation":false,"ScriptType":"PRODUCTION","Version":"6.36.0","OptanonDataJSON":"831b8ee0-e952-49a5-af6b-01382c722774","GeolocationUrl":"https://geoloc
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC1369INData Raw: 44 50 52 29 22 2c 22 43 6f 75 6e 74 72 69 65 73 22 3a 5b 22 70 72 22 2c 22 70 73 22 2c 22 70 77 22 2c 22 70 79 22 2c 22 71 61 22 2c 22 61 64 22 2c 22 61 65 22 2c 22 61 66 22 2c 22 61 67 22 2c 22 61 69 22 2c 22 61 6c 22 2c 22 61 6d 22 2c 22 61 6f 22 2c 22 61 71 22 2c 22 61 72 22 2c 22 61 73 22 2c 22 61 75 22 2c 22 61 77 22 2c 22 61 7a 22 2c 22 62 61 22 2c 22 62 62 22 2c 22 72 73 22 2c 22 62 64 22 2c 22 72 75 22 2c 22 62 66 22 2c 22 72 77 22 2c 22 62 68 22 2c 22 62 69 22 2c 22 62 6a 22 2c 22 62 6c 22 2c 22 62 6d 22 2c 22 62 6e 22 2c 22 62 6f 22 2c 22 73 61 22 2c 22 62 71 22 2c 22 73 62 22 2c 22 62 72 22 2c 22 73 63 22 2c 22 62 73 22 2c 22 73 64 22 2c 22 62 74 22 2c 22 62 76 22 2c 22 73 67 22 2c 22 73 68 22 2c 22 62 77 22 2c 22 62 79 22 2c 22 73 6a 22 2c 22
                                                                                                                                                                                                                                                                                              Data Ascii: DPR)","Countries":["pr","ps","pw","py","qa","ad","ae","af","ag","ai","al","am","ao","aq","ar","as","au","aw","az","ba","bb","rs","bd","ru","bf","rw","bh","bi","bj","bl","bm","bn","bo","sa","bq","sb","br","sc","bs","sd","bt","bv","sg","sh","bw","by","sj","
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC1369INData Raw: 44 50 52 20 74 65 6d 70 6c 61 74 65 2e 22 2c 22 43 6f 6e 64 69 74 69 6f 6e 73 22 3a 5b 5d 2c 22 47 43 45 6e 61 62 6c 65 22 3a 66 61 6c 73 65 7d 2c 7b 22 49 64 22 3a 22 32 36 62 65 64 30 30 37 2d 36 63 37 30 2d 34 64 61 37 2d 62 38 33 30 2d 32 35 65 32 35 63 36 34 34 33 33 36 22 2c 22 4e 61 6d 65 22 3a 22 49 72 65 6c 61 6e 64 20 28 41 6c 6c 20 4f 70 74 2d 69 6e 29 22 2c 22 43 6f 75 6e 74 72 69 65 73 22 3a 5b 22 69 65 22 5d 2c 22 53 74 61 74 65 73 22 3a 7b 7d 2c 22 4c 61 6e 67 75 61 67 65 53 77 69 74 63 68 65 72 50 6c 61 63 65 68 6f 6c 64 65 72 22 3a 7b 22 64 65 22 3a 22 64 65 22 2c 22 64 65 66 61 75 6c 74 22 3a 22 65 6e 22 2c 22 72 75 22 3a 22 72 75 22 2c 22 70 74 22 3a 22 70 74 22 2c 22 69 74 22 3a 22 69 74 22 2c 22 66 72 22 3a 22 66 72 22 2c 22 65 73 22
                                                                                                                                                                                                                                                                                              Data Ascii: DPR template.","Conditions":[],"GCEnable":false},{"Id":"26bed007-6c70-4da7-b830-25e25c644336","Name":"Ireland (All Opt-in)","Countries":["ie"],"States":{},"LanguageSwitcherPlaceholder":{"de":"de","default":"en","ru":"ru","pt":"pt","it":"it","fr":"fr","es"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC878INData Raw: 30 38 3a 31 37 3a 30 30 2e 38 33 37 32 31 37 22 2c 22 63 6d 70 49 64 22 3a 22 32 38 22 2c 22 63 6d 70 56 65 72 73 69 6f 6e 22 3a 22 31 22 2c 22 63 6f 6e 73 65 6e 74 53 63 72 65 65 6e 22 3a 22 31 22 2c 22 63 6f 6e 73 65 6e 74 4c 61 6e 67 75 61 67 65 22 3a 6e 75 6c 6c 2c 22 76 65 6e 64 6f 72 4c 69 73 74 56 65 72 73 69 6f 6e 22 3a 30 2c 22 6d 61 78 56 65 6e 64 6f 72 49 64 22 3a 30 2c 22 65 6e 63 6f 64 69 6e 67 54 79 70 65 22 3a 22 30 22 2c 22 67 6c 6f 62 61 6c 56 65 6e 64 6f 72 4c 69 73 74 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 63 64 6e 2e 63 6f 6f 6b 69 65 6c 61 77 2e 6f 72 67 2f 76 65 6e 64 6f 72 6c 69 73 74 2f 69 61 62 32 44 61 74 61 2e 6a 73 6f 6e 22 7d 2c 22 47 6f 6f 67 6c 65 44 61 74 61 22 3a 7b 22 76 65 6e 64 6f 72 4c 69 73 74 56 65 72 73 69 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: 08:17:00.837217","cmpId":"28","cmpVersion":"1","consentScreen":"1","consentLanguage":null,"vendorListVersion":0,"maxVendorId":0,"encodingType":"0","globalVendorListUrl":"https://cdn.cookielaw.org/vendorlist/iab2Data.json"},"GoogleData":{"vendorListVersion
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              54192.168.11.205161034.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 320
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC320OUTData Raw: 0a bd 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 7f 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 59 0a 15 53 6d 61 72 74 43 6c 65 61 6e 3a 4a 75 6e 6b 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZYSmartClean:JunkAlertsActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/1
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              55192.168.11.2057760172.64.155.1194432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC602OUTGET /cookieconsentpub/v1/geo/location HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: geolocation.onetrust.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              accept: application/json
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC370INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Content-Length: 81
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: Content-Type
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Methods: GET, OPTIONS
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddb9c0c9d13c3-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC81INData Raw: 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 73 74 61 74 65 22 3a 22 44 43 22 2c 22 73 74 61 74 65 4e 61 6d 65 22 3a 22 44 69 73 74 72 69 63 74 20 6f 66 20 43 6f 6c 75 6d 62 69 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 41 22 7d
                                                                                                                                                                                                                                                                                              Data Ascii: {"country":"US","state":"DC","stateName":"District of Columbia","continent":"NA"}


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              56192.168.11.205779634.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 580
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC580OUTData Raw: 0a c1 04 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 82 03 0a 03 3b 03 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a db 02 0a 07 53 74 61 72 74 75 70 12 0a 6d 6f 6e 69 74 6f 72 69 6e 67 1a 16 63 63 6c 65 61 6e 65 72 20 73 74 61 72 74 75 70 20 65 76 65 6e 74 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 01 18 00 42 84 02 08 00 10 00 1a 03 31 2d 61 22 11 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 02 6f 6e 22 0d 0a 07 49 73 41 64 6d 69 6e 12 02 6f
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZStartupmonitoringccleaner startup event (2B1-a"AutoUpdateson"IsAdmino
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:39 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              57192.168.11.205845254.146.244.2284432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC722OUTGET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1716727478319 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dpm.demdex.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC819INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                                                                                              Content-Length: 367
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TID: JvpKcjJrRdM=
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                                                                                                                                                              P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              DCS: dcs-prod-va6-2-v060-073949878.edge-va6.demdex.com 3 ms
                                                                                                                                                                                                                                                                                              set-cookie: demdex=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:40 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC367INData Raw: 7b 22 64 5f 6d 69 64 22 3a 22 31 32 35 38 36 37 30 33 31 38 35 31 37 36 36 36 34 32 33 32 31 30 35 33 34 32 38 31 34 31 31 38 31 36 33 39 35 35 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 36 47 31 79 6e 59 63 4c 50 75 69 51 78 59 5a 72 73 7a 5f 70 6b 71 66 4c 47 39 79 4d 58 42 70 62 32 7a 58 35 64 76 4a 64 59 51 4a 7a 50 58 49 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 37 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 7b 22 69 64 22 3a 22 34 31 31 22 2c 22 74 74 6c 22 3a 31 30 30 38 30 2c 22 74 61 67 22 3a 22 69 6d 67 22 2c 22 66 69 72 65 55 52 4c 53 79 6e 63 22 3a 31 2c 22 73 79 6e 63 4f 6e 50 61 67 65 22 3a 31 2c 22 75 72 6c 22 3a 5b 22 2f 2f 63 6d 2e 65 76 65 72
                                                                                                                                                                                                                                                                                              Data Ascii: {"d_mid":"12586703185176664232105342814118163955","id_sync_ttl":604800,"d_blob":"6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y","dcs_region":7,"d_ottl":7200,"ibs":[{"id":"411","ttl":10080,"tag":"img","fireURLSync":1,"syncOnPage":1,"url":["//cm.ever


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              58192.168.11.206415934.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 18 53 6d 61 72 74 43 6c 65 61 6e 3a 42 72 6f 77 73 65 72 41 6c 65 72 74 73 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 03 6f 66 66 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]SmartClean:BrowserAlertsActivationoff (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              59192.168.11.2065228172.64.155.1194432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:39 UTC383OUTGET /cookieconsentpub/v1/geo/location HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: geolocation.onetrust.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC249INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/javascript
                                                                                                                                                                                                                                                                                              Content-Length: 92
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddb9f198f2d17-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC92INData Raw: 6a 73 6f 6e 46 65 65 64 28 7b 22 63 6f 75 6e 74 72 79 22 3a 22 55 53 22 2c 22 73 74 61 74 65 22 3a 22 44 43 22 2c 22 73 74 61 74 65 4e 61 6d 65 22 3a 22 44 69 73 74 72 69 63 74 20 6f 66 20 43 6f 6c 75 6d 62 69 61 22 2c 22 63 6f 6e 74 69 6e 65 6e 74 22 3a 22 4e 41 22 7d 29 3b
                                                                                                                                                                                                                                                                                              Data Ascii: jsonFeed({"country":"US","state":"DC","stateName":"District of Columbia","continent":"NA"});


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              60192.168.11.2051310104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC557OUTGET /scripttemplates/6.36.0/otBannerSdk.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC815INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: 8atDBk1Pe2rTtV5h1AnhkA==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:29:06 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: 538af368-601e-0039-207f-22c29f000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 58728
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddb9f8dda82ab-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC554INData Raw: 37 63 37 32 0d 0a 2f 2a 2a 20 0a 20 2a 20 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 0a 20 2a 20 76 36 2e 33 36 2e 30 0a 20 2a 20 62 79 20 4f 6e 65 54 72 75 73 74 20 4c 4c 43 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 32 20 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 6f 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 7c 7c 7b 5f 5f 70 72 6f 74 6f 5f 5f 3a 5b 5d 7d 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 26 26 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 74 7d 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6f 20 69 6e 20 74 29
                                                                                                                                                                                                                                                                                              Data Ascii: 7c72/** * onetrust-banner-sdk * v6.36.0 * by OneTrust LLC * Copyright 2022 */!function(){"use strict";var o=function(e,t){return(o=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(e,t){e.__proto__=t}||function(e,t){for(var o in t)
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 29 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6f 28 65 29 7b 74 72 79 7b 72 28 6c 2e 6e 65 78 74 28 65 29 29 7d 63 61 74 63 68 28 65 29 7b 74 28 65 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6e 28 65 29 7b 74 72 79 7b 72 28 6c 2e 74 68 72 6f 77 28 65 29 29 7d 63 61 74 63 68 28 65 29 7b 74 28 65 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 72 28 74 29 7b 74 2e 64 6f 6e 65 3f 65 28 74 2e 76 61 6c 75 65 29 3a 6e 65 77 20 61 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 28 74 2e 76 61 6c 75 65 29 7d 29 2e 74 68 65 6e 28 6f 2c 6e 29 7d 72 28 28 6c 3d 6c 2e 61 70 70 6c 79 28 69 2c 73 7c 7c 5b 5d 29 29 2e 6e 65 78 74 28 29 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 43 28 6f 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 73 2c 65 2c 61 3d 7b 6c 61 62 65 6c 3a 30 2c 73
                                                                                                                                                                                                                                                                                              Data Ascii: )(function(e,t){function o(e){try{r(l.next(e))}catch(e){t(e)}}function n(e){try{r(l.throw(e))}catch(e){t(e)}}function r(t){t.done?e(t.value):new a(function(e){e(t.value)}).then(o,n)}r((l=l.apply(i,s||[])).next())})}function C(o,n){var r,i,s,e,a={label:0,s
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 29 2c 72 3d 30 3b 66 6f 72 28 74 3d 30 3b 74 3c 6f 3b 74 2b 2b 29 66 6f 72 28 76 61 72 20 69 3d 61 72 67 75 6d 65 6e 74 73 5b 74 5d 2c 73 3d 30 2c 61 3d 69 2e 6c 65 6e 67 74 68 3b 73 3c 61 3b 73 2b 2b 2c 72 2b 2b 29 6e 5b 72 5d 3d 69 5b 73 5d 3b 72 65 74 75 72 6e 20 6e 7d 28 65 3d 6b 3d 6b 7c 7c 7b 7d 29 5b 65 2e 41 43 54 49 56 45 3d 30 5d 3d 22 41 43 54 49 56 45 22 2c 65 5b 65 2e 41 4c 57 41 59 53 5f 41 43 54 49 56 45 3d 31 5d 3d 22 41 4c 57 41 59 53 5f 41 43 54 49 56 45 22 2c 65 5b 65 2e 45 58 50 49 52 45 44 3d 32 5d 3d 22 45 58 50 49 52 45 44 22 2c 65 5b 65 2e 4e 4f 5f 43 4f 4e 53 45 4e 54 3d 33 5d 3d 22 4e 4f 5f 43 4f 4e 53 45 4e 54 22 2c 65 5b 65 2e 4f 50 54 5f 4f 55 54 3d 34 5d 3d 22 4f 50 54 5f 4f 55 54 22 2c 65 5b 65 2e 50 45 4e 44 49 4e 47 3d 35
                                                                                                                                                                                                                                                                                              Data Ascii: ),r=0;for(t=0;t<o;t++)for(var i=arguments[t],s=0,a=i.length;s<a;s++,r++)n[r]=i[s];return n}(e=k=k||{})[e.ACTIVE=0]="ACTIVE",e[e.ALWAYS_ACTIVE=1]="ALWAYS_ACTIVE",e[e.EXPIRED=2]="EXPIRED",e[e.NO_CONSENT=3]="NO_CONSENT",e[e.OPT_OUT=4]="OPT_OUT",e[e.PENDING=5
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 65 64 69 61 74 65 46 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 2e 5f 68 61 6e 64 6c 65 64 7c 7c 69 2e 5f 75 6e 68 61 6e 64 6c 65 64 52 65 6a 65 63 74 69 6f 6e 46 6e 28 65 2e 5f 76 61 6c 75 65 29 7d 29 3b 66 6f 72 28 76 61 72 20 74 3d 30 2c 6f 3d 65 2e 5f 64 65 66 65 72 72 65 64 73 2e 6c 65 6e 67 74 68 3b 74 3c 6f 3b 74 2b 2b 29 73 28 65 2c 65 2e 5f 64 65 66 65 72 72 65 64 73 5b 74 5d 29 3b 65 2e 5f 64 65 66 65 72 72 65 64 73 3d 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 70 28 65 2c 74 2c 6f 29 7b 74 68 69 73 2e 6f 6e 46 75 6c 66 69 6c 6c 65 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 65 3f 65 3a 6e 75 6c 6c 2c 74 68 69 73 2e 6f 6e 52 65 6a 65 63 74 65 64 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 3f 74 3a 6e 75 6c 6c
                                                                                                                                                                                                                                                                                              Data Ascii: ediateFn(function(){e._handled||i._unhandledRejectionFn(e._value)});for(var t=0,o=e._deferreds.length;t<o;t++)s(e,e._deferreds[t]);e._deferreds=null}function p(e,t,o){this.onFulfilled="function"==typeof e?e:null,this.onRejected="function"==typeof t?t:null
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 6c 28 72 29 29 72 65 74 75 72 6e 20 74 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 50 72 6f 6d 69 73 65 2e 72 61 63 65 20 61 63 63 65 70 74 73 20 61 6e 20 61 72 72 61 79 22 29 29 3b 66 6f 72 28 76 61 72 20 6f 3d 30 2c 6e 3d 72 2e 6c 65 6e 67 74 68 3b 6f 3c 6e 3b 6f 2b 2b 29 69 2e 72 65 73 6f 6c 76 65 28 72 5b 6f 5d 29 2e 74 68 65 6e 28 65 2c 74 29 7d 29 7d 2c 69 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 65 74 49 6d 6d 65 64 69 61 74 65 3f 66 75 6e 63 74 69 6f 6e 28 65 29 7b 73 65 74 49 6d 6d 65 64 69 61 74 65 28 65 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 28 65 2c 30 29 7d 2c 69 2e 5f 75 6e 68 61 6e 64 6c 65 64 52 65 6a 65 63 74 69
                                                                                                                                                                                                                                                                                              Data Ascii: function(e,t){if(!l(r))return t(new TypeError("Promise.race accepts an array"));for(var o=0,n=r.length;o<n;o++)i.resolve(r[o]).then(e,t)})},i._immediateFn="function"==typeof setImmediate?function(e){setImmediate(e)}:function(e){t(e,0)},i._unhandledRejecti
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 72 6f 70 65 72 74 79 28 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2c 22 65 6e 64 73 57 69 74 68 22 2c 7b 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 28 76 6f 69 64 20 30 3d 3d 3d 74 7c 7c 74 3e 74 68 69 73 2e 6c 65 6e 67 74 68 29 26 26 28 74 3d 74 68 69 73 2e 6c 65 6e 67 74 68 29 2c 74 68 69 73 2e 73 75 62 73 74 72 69 6e 67 28 74 2d 65 2e 6c 65 6e 67 74 68 2c 74 29 3d 3d 3d 65 7d 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 7d 2c 67 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 69 74 43 6c 6f 73 65 73 74 50 6f 6c 79 66 69 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 45 6c 65 6d 65 6e 74 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 61 74 63 68 65 73 7c 7c 28 45 6c 65 6d 65 6e 74 2e 70 72 6f
                                                                                                                                                                                                                                                                                              Data Ascii: roperty(String.prototype,"endsWith",{value:function(e,t){return(void 0===t||t>this.length)&&(t=this.length),this.substring(t-e.length,t)===e},writable:!0,configurable:!0})},g.prototype.initClosestPolyfill=function(){Element.prototype.matches||(Element.pro
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 6e 75 6c 6c 3d 3d 74 68 69 73 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 74 68 69 73 20 69 73 20 6e 75 6c 6c 20 6f 72 20 6e 6f 74 20 64 65 66 69 6e 65 64 22 29 3b 66 6f 72 28 76 61 72 20 74 3d 4f 62 6a 65 63 74 28 74 68 69 73 29 2c 6f 3d 74 2e 6c 65 6e 67 74 68 3e 3e 3e 30 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3e 3e 30 2c 72 3d 6e 3c 30 3f 4d 61 74 68 2e 6d 61 78 28 6f 2b 6e 2c 30 29 3a 4d 61 74 68 2e 6d 69 6e 28 6e 2c 6f 29 2c 69 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 2c 73 3d 76 6f 69 64 20 30 3d 3d 3d 69 3f 6f 3a 69 3e 3e 30 2c 61 3d 73 3c 30 3f 4d 61 74 68 2e 6d 61 78 28 6f 2b 73 2c 30 29 3a 4d 61 74 68 2e 6d 69 6e 28 73 2c 6f 29 3b 72 3c 61 3b 29 74 5b 72 5d 3d 65
                                                                                                                                                                                                                                                                                              Data Ascii: lue:function(e){if(null==this)throw new TypeError("this is null or not defined");for(var t=Object(this),o=t.length>>>0,n=arguments[1]>>0,r=n<0?Math.max(o+n,0):Math.min(n,o),i=arguments[2],s=void 0===i?o:i>>0,a=s<0?Math.max(o+s,0):Math.min(s,o);r<a;)t[r]=e
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 22 2c 28 54 3d 41 3d 41 7c 7c 7b 7d 29 5b 54 2e 50 75 72 70 6f 73 65 3d 31 5d 3d 22 50 75 72 70 6f 73 65 22 2c 54 5b 54 2e 53 70 65 63 69 61 6c 46 65 61 74 75 72 65 3d 32 5d 3d 22 53 70 65 63 69 61 6c 46 65 61 74 75 72 65 22 2c 28 49 3d 47 3d 47 7c 7c 7b 7d 29 2e 4c 65 67 61 6c 3d 22 6c 65 67 61 6c 22 2c 49 2e 55 73 65 72 46 72 69 65 6e 64 6c 79 3d 22 75 73 65 72 5f 66 72 69 65 6e 64 6c 79 22 2c 28 4c 3d 45 3d 45 7c 7c 7b 7d 29 2e 54 6f 70 3d 22 74 6f 70 22 2c 4c 2e 42 6f 74 74 6f 6d 3d 22 62 6f 74 74 6f 6d 22 2c 28 56 3d 5f 3d 5f 7c 7c 7b 7d 29 5b 56 2e 42 61 6e 6e 65 72 3d 30 5d 3d 22 42 61 6e 6e 65 72 22 2c 56 5b 56 2e 50 72 65 66 43 65 6e 74 65 72 48 6f 6d 65 3d 31 5d 3d 22 50 72 65 66 43 65 6e 74 65 72 48 6f 6d 65 22 2c 56 5b 56 2e 56 65 6e 64 6f 72
                                                                                                                                                                                                                                                                                              Data Ascii: ",(T=A=A||{})[T.Purpose=1]="Purpose",T[T.SpecialFeature=2]="SpecialFeature",(I=G=G||{}).Legal="legal",I.UserFriendly="user_friendly",(L=E=E||{}).Top="top",L.Bottom="bottom",(V=_=_||{})[V.Banner=0]="Banner",V[V.PrefCenterHome=1]="PrefCenterHome",V[V.Vendor
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 2e 6d 69 6e 44 61 79 73 3d 31 5d 3d 22 6d 69 6e 44 61 79 73 22 2c 5a 5b 5a 2e 6d 61 78 44 61 79 73 3d 33 30 5d 3d 22 6d 61 78 44 61 79 73 22 2c 5a 5b 5a 2e 6d 61 78 59 65 61 72 3d 33 31 35 33 36 65 33 5d 3d 22 6d 61 78 59 65 61 72 22 2c 5a 5b 5a 2e 6d 61 78 53 65 63 54 6f 44 61 79 73 3d 38 36 34 30 30 5d 3d 22 6d 61 78 53 65 63 54 6f 44 61 79 73 22 2c 28 74 65 3d 65 65 3d 65 65 7c 7c 7b 7d 29 5b 74 65 2e 52 54 4c 3d 30 5d 3d 22 52 54 4c 22 2c 74 65 5b 74 65 2e 4c 54 52 3d 31 5d 3d 22 4c 54 52 22 2c 28 6e 65 3d 6f 65 3d 6f 65 7c 7c 7b 7d 29 5b 6e 65 2e 47 6f 6f 67 6c 65 56 65 6e 64 6f 72 3d 31 5d 3d 22 47 6f 6f 67 6c 65 56 65 6e 64 6f 72 22 2c 6e 65 5b 6e 65 2e 47 65 6e 65 72 61 6c 56 65 6e 64 6f 72 3d 32 5d 3d 22 47 65 6e 65 72 61 6c 56 65 6e 64 6f 72 22
                                                                                                                                                                                                                                                                                              Data Ascii: .minDays=1]="minDays",Z[Z.maxDays=30]="maxDays",Z[Z.maxYear=31536e3]="maxYear",Z[Z.maxSecToDays=86400]="maxSecToDays",(te=ee=ee||{})[te.RTL=0]="RTL",te[te.LTR=1]="LTR",(ne=oe=oe||{})[ne.GoogleVendor=1]="GoogleVendor",ne[ne.GeneralVendor=2]="GeneralVendor"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1369INData Raw: 49 41 42 47 6c 6f 62 61 6c 22 2c 78 65 3d 22 4e 6f 74 4c 61 6e 64 69 6e 67 50 61 67 65 22 2c 47 65 3d 22 69 73 47 70 63 45 6e 61 62 6c 65 64 22 2c 4f 65 3d 7b 41 44 44 49 54 49 4f 4e 41 4c 5f 43 4f 4e 53 45 4e 54 5f 53 54 52 49 4e 47 3a 22 4f 54 41 64 64 69 74 69 6f 6e 61 6c 43 6f 6e 73 65 6e 74 53 74 72 69 6e 67 22 2c 41 4c 45 52 54 5f 42 4f 58 5f 43 4c 4f 53 45 44 3a 22 4f 70 74 61 6e 6f 6e 41 6c 65 72 74 42 6f 78 43 6c 6f 73 65 64 22 2c 4f 50 54 41 4e 4f 4e 5f 43 4f 4e 53 45 4e 54 3a 22 4f 70 74 61 6e 6f 6e 43 6f 6e 73 65 6e 74 22 2c 45 55 5f 50 55 42 5f 43 4f 4e 53 45 4e 54 3a 22 65 75 70 75 62 63 6f 6e 73 65 6e 74 2d 76 32 22 2c 45 55 5f 43 4f 4e 53 45 4e 54 3a 22 65 75 63 6f 6e 73 65 6e 74 2d 76 32 22 2c 53 45 4c 45 43 54 45 44 5f 56 41 52 49 41 4e
                                                                                                                                                                                                                                                                                              Data Ascii: IABGlobal",xe="NotLandingPage",Ge="isGpcEnabled",Oe={ADDITIONAL_CONSENT_STRING:"OTAdditionalConsentString",ALERT_BOX_CLOSED:"OptanonAlertBoxClosed",OPTANON_CONSENT:"OptanonConsent",EU_PUB_CONSENT:"eupubconsent-v2",EU_CONSENT:"euconsent-v2",SELECTED_VARIAN


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              61192.168.11.2049188142.251.16.1054432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC930OUTPOST /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=2125617828.1716727479&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&dma=0&npa=0&gtm=45He45m0n71KFXRTRv71945860za200&auid=1566402970.1716727479 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC862INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                              P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                              Location: https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=2125617828.1716727479&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&dma=0&npa=0&gtm=45He45m0n71KFXRTRv71945860za200&auid=1566402970.1716727479
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cafe
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              62192.168.11.204925434.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC254OUTData Raw: 0a fb 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3d 0a 03 3b 09 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 17 08 99 3d 12 08 0a 04 48 4b 4c 4d 10 06 12 08 0a 04 48 4b 43 55 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 b6 dd cc b2 06
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557=;HealthCheckNF1(Z=HKLMHKCU`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              63192.168.11.206450754.146.244.2284432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC522OUTGET /id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=67C716D751E567F70A490D4C%40AdobeOrg&d_nsid=0&ts=1716727478319 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dpm.demdex.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: demdex=12420529992577389502124774616857229634
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC710INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json;charset=utf-8
                                                                                                                                                                                                                                                                                              Content-Length: 367
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TID: J5aOq/G5S6c=
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                                                                                                                                                              P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
                                                                                                                                                                                                                                                                                              DCS: dcs-prod-va6-2-v060-049c33267.edge-va6.demdex.com 2 ms
                                                                                                                                                                                                                                                                                              set-cookie: demdex=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:40 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC367INData Raw: 7b 22 64 5f 6d 69 64 22 3a 22 31 32 35 38 36 37 30 33 31 38 35 31 37 36 36 36 34 32 33 32 31 30 35 33 34 32 38 31 34 31 31 38 31 36 33 39 35 35 22 2c 22 69 64 5f 73 79 6e 63 5f 74 74 6c 22 3a 36 30 34 38 30 30 2c 22 64 5f 62 6c 6f 62 22 3a 22 52 4b 68 70 52 7a 38 6b 72 67 32 74 4c 4f 36 70 67 75 58 57 70 35 6f 6c 6b 41 63 55 6e 69 51 59 50 48 61 4d 57 57 67 64 4a 33 78 7a 50 57 51 6d 64 6a 30 79 22 2c 22 64 63 73 5f 72 65 67 69 6f 6e 22 3a 37 2c 22 64 5f 6f 74 74 6c 22 3a 37 32 30 30 2c 22 69 62 73 22 3a 5b 7b 22 69 64 22 3a 22 34 31 31 22 2c 22 74 74 6c 22 3a 31 30 30 38 30 2c 22 74 61 67 22 3a 22 69 6d 67 22 2c 22 66 69 72 65 55 52 4c 53 79 6e 63 22 3a 31 2c 22 73 79 6e 63 4f 6e 50 61 67 65 22 3a 31 2c 22 75 72 6c 22 3a 5b 22 2f 2f 63 6d 2e 65 76 65 72
                                                                                                                                                                                                                                                                                              Data Ascii: {"d_mid":"12586703185176664232105342814118163955","id_sync_ttl":604800,"d_blob":"RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y","dcs_region":7,"d_ottl":7200,"ibs":[{"id":"411","ttl":10080,"tag":"img","fireURLSync":1,"syncOnPage":1,"url":["//cm.ever


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              64192.168.11.206451134.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 306
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC306OUTData Raw: 0a af 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 71 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 4b 0a 07 53 6b 69 70 55 41 43 12 0a 41 63 74 69 76 61 74 69 6f 6e 1a 02 6f 6e 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557q;HealthCheckNF1(ZKSkipUACActivationon (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.11060"/10.0 (Build 190
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              65192.168.11.206009931.13.66.194432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC540OUTGET /en_US/fbevents.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: connect.facebook.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1465INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              timing-allow-origin: *
                                                                                                                                                                                                                                                                                              reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                              report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                              content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
                                                                                                                                                                                                                                                                                              document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1705INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68
                                                                                                                                                                                                                                                                                              Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-heigh
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1INData Raw: 2f
                                                                                                                                                                                                                                                                                              Data Ascii: /
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC14632INData Raw: 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69 74
                                                                                                                                                                                                                                                                                              Data Ascii: *** Copyright (c) 2017-present, Facebook, Inc. All rights reserved.** You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wit
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 63 74 6f 72 5f 63 6f 6e 66 69 67 3b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 69 28 61 29 29 21 3d 3d 22 6f 62 6a 65 63 74 22 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 61 2e 70 61 72 61 6d 65 74 65 72 5f 73 65 6c 65 63 74 6f 72 73 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 7b 61 3d 63 28 61 2c 68 29 3b 76 61 72 20 64 3d 62 28 61 2c 42 6f 6f 6c 65 61 6e 29 3b 69 66 28 61 2e 6c 65 6e 67 74 68 3d 3d 3d 64 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 7b 70 61 72 61 6d 65 74 65 72 5f 73 65 6c 65 63 74 6f 72 73 3a 64 7d 7d 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 61 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 7c 7c 28 74
                                                                                                                                                                                                                                                                                              Data Ascii: ctor_config;if(a==null||(typeof a==="undefined"?"undefined":i(a))!=="object")return null;a=a.parameter_selectors;if(Array.isArray(a)){a=c(a,h);var d=b(a,Boolean);if(a.length===d.length)return{parameter_selectors:d}}return null}function k(a){if(a==null||(t
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 6e 74 73 55 74 69 6c 73 22 29 2c 72 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 47 65 74 49 73 49 6f 73 49 6e 41 70 70 42 72 6f 77 73 65 72 22 29 2c 73 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 55 52 4c 55 74 69 6c 22 29 2c 74 3d 73 2e 67 65 74 55 52 4c 50 61 72 61 6d 65 74 65 72 2c 75 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 47 65 74 56 61 6c 69 64 55 72 6c 22 29 2c 76 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 52 65 73 6f 6c 76 65 4c 69 6e 6b 22 29 3b 73 3d 66 2e 67 65 74
                                                                                                                                                                                                                                                                                              Data Ascii: ntsUtils"),r=f.getFbeventsModules("signalsFBEventsGetIsIosInAppBrowser"),s=f.getFbeventsModules("SignalsFBEventsURLUtil"),t=s.getURLParameter,u=f.getFbeventsModules("SignalsFBEventsGetValidUrl"),v=f.getFbeventsModules("SignalsFBEventsResolveLink");s=f.get
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 3b 72 65 74 75 72 6e 20 6b 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 47 65 74 56 61 6c 69 64 55 72 6c 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 66 2c 67 2c 68 2c 69 29 7b 76 61 72 20 6a 3d 7b 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 6a 2e 65 78 70 6f 72 74 73 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6a 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 74 72 79 7b 61 3d 6e 65 77 20 55 52 4c 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 63 61 74 63 68 28 61 29 7b 72
                                                                                                                                                                                                                                                                                              Data Ascii: ;return k.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsGetValidUrl",function(){return function(f,g,h,i){var j={exports:{}};j.exports;(function(){"use strict";j.exports=function(a){if(a==null)return null;try{a=new URL(a);return a}catch(a){r
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1751INData Raw: 74 68 46 69 65 6c 64 73 28 7b 74 61 72 67 65 74 44 6f 6d 61 69 6e 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 28 29 29 2c 65 6e 64 70 6f 69 6e 74 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 28 29 29 2c 75 73 65 50 61 74 68 43 6f 6f 6b 69 65 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 5b 22 62 6f 6f 6c 65 61 6e 22 5d 28 29 29 2c 66 61 6c 6c 62 61 63 6b 44 6f 6d 61 69 6e 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 28 29 29 7d 29 29 2c 65 76 65 6e 74 73 46 69 6c 74 65 72 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 6f 62 6a 65 63 74 57 69 74 68 46 69 65 6c 64 73 28 7b 66 69 6c 74 65 72 69 6e 67 4d 6f 64 65 3a 62 2e 61 6c 6c 6f 77 4e 75 6c 6c 28 62 2e 73 74 72 69 6e 67 28 29 29 2c 65 76 65 6e 74 4e 61 6d
                                                                                                                                                                                                                                                                                              Data Ascii: thFields({targetDomain:b.allowNull(b.string()),endpoint:b.allowNull(b.string()),usePathCookie:b.allowNull(b["boolean"]()),fallbackDomain:b.allowNull(b.string())})),eventsFilter:b.allowNull(b.objectWithFields({filteringMode:b.allowNull(b.string()),eventNam
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC14633INData Raw: 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 68 69 73 2e 5f 6f 70 74 73 5b 61 5d 3b 72 65 74 75 72 6e 20 62 21 3d 6e 75 6c 6c 3f 63 28 64 28 62 29 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 62 5b 61 5d 3d 3d 3d 21 30 7d 29 3a 5b 5d 7d 7d 5d 29 3b 72 65 74 75 72 6e 20 61 7d 28 29 3b 6c 2e 65 78 70 6f 72 74 73 3d 61 7d 29 28 29 3b 72 65 74 75 72 6e 20 6c 2e 65 78 70 6f 72 74 73 7d 28 61 2c 62 2c 63 2c 64 29 7d 29 3b 66 2e 65 6e 73 75 72 65 4d 6f 64 75 6c 65 52 65 67 69 73 74 65 72 65 64 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 50 61 72 61 6c 6c 65 6c 46 69 72 65 43 6f 6e 66 69 67 54 79 70 65 64 65 66 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 67 2c 68 2c 69 2c 6a 29 7b 76
                                                                                                                                                                                                                                                                                              Data Ascii: :function(a){var b=this._opts[a];return b!=null?c(d(b),function(a){return b[a]===!0}):[]}}]);return a}();l.exports=a})();return l.exports}(a,b,c,d)});f.ensureModuleRegistered("SignalsFBEventsParallelFireConfigTypedef",function(){return function(g,h,i,j){v
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 73 2e 61 70 70 65 6e 64 28 63 2c 61 5b 63 5d 29 7d 29 7d 29 3b 66 3d 6f 2e 74 72 69 67 67 65 72 28 70 28 62 29 29 3b 66 21 3d 6e 75 6c 6c 26 26 6d 28 66 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 21 3d 6e 75 6c 6c 26 26 6d 28 6e 28 61 29 2c 66 75 6e 63 74 69 6f 6e 28 63 29 7b 62 2e 63 75 73 74 6f 6d 50 61 72 61 6d 73 3d 62 2e 63 75 73 74 6f 6d 50 61 72 61 6d 73 7c 7c 6e 65 77 20 64 28 29 2c 62 2e 63 75 73 74 6f 6d 50 61 72 61 6d 73 2e 61 70 70 65 6e 64 28 63 2c 61 5b 63 5d 29 7d 29 7d 29 3b 69 2e 74 72 69 67 67 65 72 28 62 29 3b 66 3d 65 2e 74 72 69 67 67 65 72 28 62 29 3b 69 66 28 6c 28 66 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7d 29 29 72 65 74 75 72 6e 3b 66 3d 68 2e 74 72 69 67 67 65 72 28 62 29 3b 69 66 28 6c 28 66 2c 66 75 6e
                                                                                                                                                                                                                                                                                              Data Ascii: s.append(c,a[c])})});f=o.trigger(p(b));f!=null&&m(f,function(a){a!=null&&m(n(a),function(c){b.customParams=b.customParams||new d(),b.customParams.append(c,a[c])})});i.trigger(b);f=e.trigger(b);if(l(f,function(a){return a}))return;f=h.trigger(b);if(l(f,fun
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 2c 74 3d 73 2e 6c 65 6e 67 74 68 3b 66 75 6e 63 74 69 6f 6e 20 75 28 61 29 7b 69 66 28 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 22 75 6e 64 65 66 69 6e 65 64 22 3a 69 28 61 29 29 21 3d 3d 22 6f 62 6a 65 63 74 22 26 26 28 74 79 70 65 6f 66 20 61 21 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 61 3d 3d 3d 6e 75 6c 6c 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 4f 62 6a 65 63 74 2e 6b 65 79 73 20 63 61 6c 6c 65 64 20 6f 6e 20 6e 6f 6e 2d 6f 62 6a 65 63 74 22 29 3b 76 61 72 20 62 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 71 2e 63 61 6c 6c 28 61 2c 63 29 26 26 62 2e 70 75 73 68 28 63 29 3b 69 66 28 72 29 66 6f 72 28 63 3d 30 3b 63 3c 74 3b 63 2b 2b 29 71 2e 63 61 6c 6c 28 61 2c 73 5b 63 5d 29
                                                                                                                                                                                                                                                                                              Data Ascii: ,t=s.length;function u(a){if((typeof a==="undefined"?"undefined":i(a))!=="object"&&(typeof a!=="function"||a===null))throw new TypeError("Object.keys called on non-object");var b=[];for(var c in a)q.call(a,c)&&b.push(c);if(r)for(c=0;c<t;c++)q.call(a,s[c])


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              66192.168.11.205355469.147.92.124432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC522OUTGET /wi/ytc.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: s.yimg.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC966INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              x-amz-id-2: 45Sbn1V9za97YWfJUjm40TZ4usO8RbX7T13xFShmGW+kPGvx13fzciLZLhjdIz7BltmvzbYtt38unK3jkzxaxPaUM24DJNKb
                                                                                                                                                                                                                                                                                              x-amz-request-id: QNZZDTJD20DDF1TP
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:09:23 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 26 Jun 2023 09:26:35 GMT
                                                                                                                                                                                                                                                                                              x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
                                                                                                                                                                                                                                                                                              ETag: "5c6ed25dce803fd84288922b8928409e"
                                                                                                                                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                              Cache-Control: public,max-age=3600
                                                                                                                                                                                                                                                                                              x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                                                                                              Server: ATS
                                                                                                                                                                                                                                                                                              Content-Length: 18187
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              Age: 2118
                                                                                                                                                                                                                                                                                              ATS-Carp-Promotion: 1
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                              Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              ATS-Carp-Promotion: 1
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 7b 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 74 5b 72 5d 29 72 65 74 75 72 6e 20 74 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 74 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 65 5b 72 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 6e 2e 6d 3d 65 2c 6e 2e 63 3d 74 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 6e 2e 6f 28 65 2c 74 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 72 3d 66 75 6e
                                                                                                                                                                                                                                                                                              Data Ascii: !function(e){var t={};function n(r){if(t[r])return t[r].exports;var i=t[r]={i:r,l:!1,exports:{}};return e[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:r})},n.r=fun
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 41 74 28 61 29 29 3e 3d 35 36 33 32 30 26 26 6f 3c 3d 35 37 33 34 33 29 29 7b 72 5b 6e 2b 3d 31 5d 3d 32 33 39 2c 72 5b 6e 2b 3d 31 5d 3d 31 39 31 2c 72 5b 6e 2b 3d 31 5d 3d 31 38 39 3b 63 6f 6e 74 69 6e 75 65 7d 69 66 28 61 2b 3d 31 2c 28 69 3d 31 30 32 34 2a 28 69 2d 35 35 32 39 36 29 2b 6f 2d 35 36 33 32 30 2b 36 35 35 33 36 29 3e 36 35 35 33 35 29 7b 72 5b 6e 2b 3d 31 5d 3d 32 34 30 7c 69 3e 3e 3e 31 38 2c 72 5b 6e 2b 3d 31 5d 3d 31 32 38 7c 69 3e 3e 3e 31 32 26 36 33 2c 72 5b 6e 2b 3d 31 5d 3d 31 32 38 7c 69 3e 3e 3e 36 26 36 33 2c 72 5b 6e 2b 3d 31 5d 3d 31 32 38 7c 36 33 26 69 3b 63 6f 6e 74 69 6e 75 65 7d 7d 69 3c 3d 31 32 37 3f 72 5b 6e 2b 3d 31 5d 3d 30 7c 69 3a 69 3c 3d 32 30 34 37 3f 28 72 5b 6e 2b 3d 31 5d 3d 31 39 32 7c 69 3e 3e 3e 36 2c 72
                                                                                                                                                                                                                                                                                              Data Ascii: At(a))>=56320&&o<=57343)){r[n+=1]=239,r[n+=1]=191,r[n+=1]=189;continue}if(a+=1,(i=1024*(i-55296)+o-56320+65536)>65535){r[n+=1]=240|i>>>18,r[n+=1]=128|i>>>12&63,r[n+=1]=128|i>>>6&63,r[n+=1]=128|63&i;continue}}i<=127?r[n+=1]=0|i:i<=2047?(r[n+=1]=192|i>>>6,r
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 3b 69 66 28 76 6f 69 64 20 30 21 3d 3d 61 29 7b 69 66 28 21 74 28 61 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 41 72 72 61 79 2e 66 72 6f 6d 3a 20 77 68 65 6e 20 70 72 6f 76 69 64 65 64 2c 20 74 68 65 20 73 65 63 6f 6e 64 20 61 72 67 75 6d 65 6e 74 20 6d 75 73 74 20 62 65 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 3b 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 32 26 26 28 6f 3d 61 72 67 75 6d 65 6e 74 73 5b 32 5d 29 7d 66 6f 72 28 76 61 72 20 73 2c 75 3d 72 28 69 2e 6c 65 6e 67 74 68 29 2c 64 3d 74 28 6e 29 3f 4f 62 6a 65 63 74 28 6e 65 77 20 6e 28 75 29 29 3a 6e 65 77 20 41 72 72 61 79 28 75 29 2c 63 3d 30 3b 63 3c 75 3b 29 73 3d 69 5b 63 5d 2c 64 5b 63 5d 3d 61 3f 76
                                                                                                                                                                                                                                                                                              Data Ascii: arguments[1]:void 0;if(void 0!==a){if(!t(a))throw new TypeError("Array.from: when provided, the second argument must be a function");arguments.length>2&&(o=arguments[2])}for(var s,u=r(i.length),d=t(n)?Object(new n(u)):new Array(u),c=0;c<u;)s=i[c],d[c]=a?v
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 63 68 28 65 29 7b 7d 69 66 28 6e 3d 3d 3d 77 69 6e 64 6f 77 2e 74 6f 70 29 62 72 65 61 6b 3b 6e 3d 6e 2e 70 61 72 65 6e 74 7d 72 65 74 75 72 6e 20 74 7d 28 74 29 3b 69 66 28 21 69 29 72 65 74 75 72 6e 20 76 6f 69 64 20 76 28 65 29 3b 76 61 72 20 6f 3d 7b 7d 2c 61 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 22 22 3b 22 5f 5f 74 63 66 61 70 69 4c 6f 63 61 74 6f 72 22 3d 3d 3d 74 3f 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 29 7b 77 69 6e 64 6f 77 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 69 2c 6f 2c 61 29 7b 76 61 72 20 73 3d 7b 5f 5f 74 63 66 61 70 69 43 61 6c 6c 3a 7b 63 6f 6d 6d 61 6e 64 3a 65 2c 70 61 72 61 6d 65 74 65 72 3a 61 2c 76 65 72 73 69 6f 6e 3a 69 2c 63 61 6c 6c 49 64 3a 72 7d 7d 3b 6e 5b 72 5d 3d 6f 2c 6c 28 74 2c 73 2c 22 2a 22 29
                                                                                                                                                                                                                                                                                              Data Ascii: ch(e){}if(n===window.top)break;n=n.parent}return t}(t);if(!i)return void v(e);var o={},a=Math.random()+"";"__tcfapiLocator"===t?function(e,t,n,r){window[e]=function(e,i,o,a){var s={__tcfapiCall:{command:e,parameter:a,version:i,callId:r}};n[r]=o,l(t,s,"*")
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 6e 67 3a 6e 2e 75 73 70 53 74 72 69 6e 67 2c 69 73 4f 61 74 68 46 69 72 73 74 50 61 72 74 79 3a 6e 2e 69 73 4f 61 74 68 46 69 72 73 74 50 61 72 74 79 7d 2c 21 30 29 3a 65 28 76 6f 69 64 20 30 2c 21 31 29 7d 29 29 29 7d 2c 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 3b 6d 28 22 5f 5f 74 63 66 61 70 69 22 2c 22 5f 5f 74 63 66 61 70 69 4c 6f 63 61 74 6f 72 22 2c 22 5f 5f 74 63 66 61 70 69 43 61 6c 6c 22 2c 22 5f 5f 74 63 66 61 70 69 52 65 74 75 72 6e 22 29 2c 77 69 6e 64 6f 77 2e 5f 5f 74 63 66 61 70 69 3f 28 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 74 3f 28 68 28 65 29 2c 76 28 22 5f 5f 74 63 66 61 70 69 22 29 29 3a 67 28 29 7d 2c 74 3d 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 65 28 76 6f 69 64 20 30 2c 21
                                                                                                                                                                                                                                                                                              Data Ascii: ng:n.uspString,isOathFirstParty:n.isOathFirstParty},!0):e(void 0,!1)})))},y=function(){var e,t;m("__tcfapi","__tcfapiLocator","__tcfapiCall","__tcfapiReturn"),window.__tcfapi?(e=function(e,t){t?(h(e),v("__tcfapi")):g()},t=setTimeout((function(){e(void 0,!
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 2e 74 6f 47 4d 54 53 74 72 69 6e 67 28 29 3a 22 3b 20 65 78 70 69 72 65 73 3d 54 68 75 2c 20 30 31 2d 4a 61 6e 2d 31 39 37 30 20 30 30 3a 30 30 3a 30 31 20 47 4d 54 22 2c 6e 3d 65 2e 6e 61 6d 65 2b 22 3d 22 2b 65 2e 76 61 6c 75 65 2b 74 2b 22 3b 20 70 61 74 68 3d 22 2b 65 2e 70 61 74 68 2b 28 22 22 21 3d 3d 65 2e 64 6f 6d 61 69 6e 3f 22 3b 20 64 6f 6d 61 69 6e 3d 2e 22 2b 65 2e 64 6f 6d 61 69 6e 3a 22 22 29 2b 22 3b 20 53 61 6d 65 53 69 74 65 3d 4c 61 78 22 2c 64 6f 63 75 6d 65 6e 74 2e 63 6f 6f 6b 69 65 3d 6e 7d 28 7b 6e 61 6d 65 3a 65 2c 76 61 6c 75 65 3a 74 2c 65 78 70 69 72 79 4f 66 66 73 65 74 3a 6e 2c 64 6f 6d 61 69 6e 3a 61 28 29 2c 70 61 74 68 3a 22 2f 22 7d 29 3b 76 61 72 20 72 3d 7b 69 64 3a 74 2c 74 69 6d 65 73 74 61 6d 70 3a 28 6e 65 77 20 44
                                                                                                                                                                                                                                                                                              Data Ascii: .toGMTString():"; expires=Thu, 01-Jan-1970 00:00:01 GMT",n=e.name+"="+e.value+t+"; path="+e.path+(""!==e.domain?"; domain=."+e.domain:"")+"; SameSite=Lax",document.cookie=n}({name:e,value:t,expiryOffset:n,domain:a(),path:"/"});var r={id:t,timestamp:(new D
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 29 7d 7d 76 61 72 20 48 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 30 3b 66 6f 72 28 76 61 72 20 6e 20 69 6e 20 67 65 2e 70 6c 61 69 6e 41 75 69 64 73 29 7b 76 61 72 20 72 3d 41 72 72 61 79 2e 66 72 6f 6d 28 6e 65 77 20 55 69 6e 74 38 41 72 72 61 79 28 65 5b 74 5d 29 29 2e 6d 61 70 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 74 6f 53 74 72 69 6e 67 28 31 36 29 2e 70 61 64 53 74 61 72 74 28 32 2c 22 30 22 29 7d 29 29 3b 67 65 2e 68 61 73 68 65 64 41 75 69 64 73 5b 6e 5d 3d 72 2e 6a 6f 69 6e 28 22 22 29 2c 74 2b 2b 7d 67 65 2e 61 75 69 64 73 41 72 65 48 61 73 68 65 64 3d 21 30 2c 79 65 28 29 7d 2c 4d 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 2e 70 75 73 68 28
                                                                                                                                                                                                                                                                                              Data Ascii: )}}var H=function(e){var t=0;for(var n in ge.plainAuids){var r=Array.from(new Uint8Array(e[t])).map((function(e){return e.toString(16).padStart(2,"0")}));ge.hashedAuids[n]=r.join(""),t++}ge.auidsAreHashed=!0,ye()},M=function(e,t){var n=function(n){t.push(
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 3b 72 65 74 75 72 6e 28 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 7c 7c 77 69 6e 64 6f 77 2e 6d 73 43 72 79 70 74 6f 29 2e 73 75 62 74 6c 65 2e 64 69 67 65 73 74 28 22 53 48 41 2d 32 35 36 22 2c 74 29 7d 3b 76 61 72 20 56 2c 7a 3d 21 31 3b 66 75 6e 63 74 69 6f 6e 20 59 28 65 29 7b 69 66 28 76 6f 69 64 20 30 21 3d 3d 65 29 7b 76 61 72 20 74 3d 6e 65 77 20 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 2c 6e 3d 22 68 74 74 70 73 3a 2f 2f 73 2e 79 69 6d 67 2e 63 6f 6d 2f 77 69 2f 63 6f 6e 66 69 67 2f 22 2b 65 2b 22 2e 6a 73 6f 6e 22 3b 74 2e 6f 70 65 6e 28 22 47 45 54 22 2c 6e 2c 21 30 29 2c 74 2e 74 69 6d 65 6f 75 74 3d 32 65 33 2c 74 2e 6f 6e 74 69 6d 65 6f 75 74 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 71 2d 2d 2c 79 65 28 29 7d 2c 74 2e 73 65 6e 64 28 29 2c 74 2e
                                                                                                                                                                                                                                                                                              Data Ascii: ;return(window.crypto||window.msCrypto).subtle.digest("SHA-256",t)};var V,z=!1;function Y(e){if(void 0!==e){var t=new XMLHttpRequest,n="https://s.yimg.com/wi/config/"+e+".json";t.open("GET",n,!0),t.timeout=2e3,t.ontimeout=function(e){q--,ye()},t.send(),t.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 6d 61 69 6c 26 26 28 74 2e 75 73 65 72 45 6d 61 69 6c 3d 67 65 2e 65 6d 61 69 6c 73 5b 74 2e 70 69 78 65 6c 49 64 5d 29 2c 74 2e 75 73 65 72 48 61 73 68 65 64 45 6d 61 69 6c 26 26 28 49 65 28 74 2e 75 73 65 72 48 61 73 68 65 64 45 6d 61 69 6c 29 7c 7c 64 65 6c 65 74 65 20 74 2e 75 73 65 72 48 61 73 68 65 64 45 6d 61 69 6c 29 7d 76 61 72 20 24 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 3d 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 74 2e 70 75 73 68 28 6e 2e 74 61 72 67 65 74 2e 72 65 73 75 6c 74 29 2c 74 2e 6c 65 6e 67 74 68 3d 3d 3d 65 2e 6c 65 6e 67 74 68 26 26 5a 28 74 29 7d 3b 66 6f 72 28 76 61 72 20 72 20 69 6e 20 65 29 65 5b 72 5d 2e 6f 6e 63 6f 6d 70 6c 65 74 65 3d 6e 7d 2c 5a 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 30 3b
                                                                                                                                                                                                                                                                                              Data Ascii: mail&&(t.userEmail=ge.emails[t.pixelId]),t.userHashedEmail&&(Ie(t.userHashedEmail)||delete t.userHashedEmail)}var $=function(e,t){var n=function(n){t.push(n.target.result),t.length===e.length&&Z(t)};for(var r in e)e[r].oncomplete=n},Z=function(e){var t=0;
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1300INData Raw: 6f 6d 70 6f 6e 65 6e 74 28 70 61 72 73 65 49 6e 74 28 74 2e 67 65 74 54 69 6d 65 7a 6f 6e 65 4f 66 66 73 65 74 28 29 2f 36 30 2c 31 30 29 2b 28 74 2e 67 65 74 54 69 6d 65 7a 6f 6e 65 4f 66 66 73 65 74 28 29 3c 74 2e 79 77 61 53 74 61 6e 64 61 72 64 54 69 6d 65 7a 6f 6e 65 4f 66 66 73 65 74 3f 22 64 22 3a 22 22 29 29 29 2c 65 2e 6a 6f 69 6e 28 22 22 29 7d 28 29 29 2c 72 2e 6a 6f 69 6e 28 22 22 29 7d 76 61 72 20 72 65 3d 5b 7b 6e 61 6d 65 3a 22 74 65 61 6c 69 75 6d 22 2c 69 6e 74 65 72 66 61 63 65 3a 22 75 74 61 67 5f 64 61 74 61 22 7d 2c 7b 6e 61 6d 65 3a 22 67 74 6d 22 2c 69 6e 74 65 72 66 61 63 65 3a 22 67 6f 6f 67 6c 65 5f 74 61 67 5f 6d 61 6e 61 67 65 72 22 7d 2c 7b 6e 61 6d 65 3a 22 61 64 6f 62 65 22 2c 69 6e 74 65 72 66 61 63 65 3a 22 5f 73 61 74 65
                                                                                                                                                                                                                                                                                              Data Ascii: omponent(parseInt(t.getTimezoneOffset()/60,10)+(t.getTimezoneOffset()<t.ywaStandardTimezoneOffset?"d":""))),e.join("")}()),r.join("")}var re=[{name:"tealium",interface:"utag_data"},{name:"gtm",interface:"google_tag_manager"},{name:"adobe",interface:"_sate


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              67192.168.11.205479118.160.41.1124432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC543OUTGET /c/hotjar-857043.js?sv=6 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: static.hotjar.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC639INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=2592000; includeSubDomains
                                                                                                                                                                                                                                                                                              X-Cache-Hit: 1
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=60
                                                                                                                                                                                                                                                                                              ETag: W/ea7101974e323ef87a87ede24d2ebc09
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              X-Cache: RefreshHit from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 8beba0476250d2240f748269153a9f96.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD55-P1
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: z8ssyzCiyG-r4VNbUE-0uxD1dhsV0eNW6-St7A8izmNACFj8acTDKQ==
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC9160INData Raw: 32 33 63 30 0d 0a 77 69 6e 64 6f 77 2e 68 6a 53 69 74 65 53 65 74 74 69 6e 67 73 20 3d 20 77 69 6e 64 6f 77 2e 68 6a 53 69 74 65 53 65 74 74 69 6e 67 73 20 7c 7c 20 7b 22 73 69 74 65 5f 69 64 22 3a 38 35 37 30 34 33 2c 22 72 65 63 5f 76 61 6c 75 65 22 3a 31 2e 30 2c 22 73 74 61 74 65 5f 63 68 61 6e 67 65 5f 6c 69 73 74 65 6e 5f 6d 6f 64 65 22 3a 22 61 75 74 6f 6d 61 74 69 63 5f 77 69 74 68 5f 66 72 61 67 6d 65 6e 74 73 22 2c 22 72 65 63 6f 72 64 22 3a 74 72 75 65 2c 22 63 6f 6e 74 69 6e 75 6f 75 73 5f 63 61 70 74 75 72 65 5f 65 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 72 65 63 6f 72 64 69 6e 67 5f 63 61 70 74 75 72 65 5f 6b 65 79 73 74 72 6f 6b 65 73 22 3a 66 61 6c 73 65 2c 22 73 65 73 73 69 6f 6e 5f 63 61 70 74 75 72 65 5f 63 6f 6e 73 6f 6c 65 5f 63 6f
                                                                                                                                                                                                                                                                                              Data Ascii: 23c0window.hjSiteSettings = window.hjSiteSettings || {"site_id":857043,"rec_value":1.0,"state_change_listen_mode":"automatic_with_fragments","record":true,"continuous_capture_enabled":true,"recording_capture_keystrokes":false,"session_capture_console_co
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              68192.168.11.205066252.206.50.2224432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC759OUTGET /dest5.html?d_nsid=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: symantec.demdex.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: iframe
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: demdex=12420529992577389502124774616857229634
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC604INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/html;charset=UTF-8
                                                                                                                                                                                                                                                                                              Content-Length: 6983
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TID: Q4W+UDyTQSA=
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                                                                                                                                                              P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              last-modified: Thu, 9 May 2024 11:56:17 GMT
                                                                                                                                                                                                                                                                                              DCS: dcs-prod-va6-1-v060-08c51d022.edge-va6.demdex.com 0 ms
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC6983INData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 68 74 6d 6c 34 2f 6c 6f 6f 73 65 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 41 64 6f 62 65 20 41 75 64 69 65 6e 63 65 4d 61 6e 61 67 65 72 3c 2f 74 69 74 6c 65 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73
                                                                                                                                                                                                                                                                                              Data Ascii: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Adobe AudienceManager</title><script type="text/javas


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              69192.168.11.205022852.85.132.1154432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC540OUTGET /tags/563151391133/tag.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.mczbf.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC487INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                              Content-Length: 45453
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:25:17 GMT
                                                                                                                                                                                                                                                                                              X-Request-ID: 0292711a-1b5b-11ef-bbca-49e30e1f9f7e
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=1800
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow
                                                                                                                                                                                                                                                                                              X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 65e185f36e65abff9322e261be3491d4.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD50-C2
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: sNT0D2E5iEUIhFBB1cv0OzCjdSZY5HCKtTw7JDiYacuh66VSajqdlQ==
                                                                                                                                                                                                                                                                                              Age: 1163
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 76 61 72 20 43 4a 41 70 69 3b 21 66 75 6e 63 74 69 6f 6e 28 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 38 38 35 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 72 3d 74 68 69 73 26 26 74 68 69 73 2e 5f 5f 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 3d 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 7c 7c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 72 3d 31 2c 6e 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 72 3c 6e 3b 72 2b 2b 29 66 6f 72 28 76 61 72 20 6f 20 69 6e 20 74 3d 61 72 67 75 6d 65 6e 74 73 5b 72 5d 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 6f 29 26 26 28 65 5b 6f 5d 3d 74 5b 6f
                                                                                                                                                                                                                                                                                              Data Ascii: var CJApi;!function(){"use strict";var e={885:function(e,t){var r=this&&this.__assign||function(){return r=Object.assign||function(e){for(var t,r=1,n=arguments.length;r<n;r++)for(var o in t=arguments[r])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC16384INData Raw: 2e 73 74 72 69 6e 67 69 66 79 28 72 29 5d 2c 5b 22 70 61 72 74 6e 65 72 73 68 69 70 73 22 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 73 29 5d 2c 5b 22 70 61 72 74 6e 65 72 73 68 69 70 4d 6f 64 65 22 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 6c 29 5d 2c 5b 22 63 6f 75 6e 74 72 79 43 6f 64 65 22 2c 64 5d 2c 5b 22 63 6a 65 76 65 6e 74 6c 73 22 2c 6e 2e 6c 6f 63 61 6c 53 74 6f 72 61 67 65 5d 2c 5b 22 63 6a 65 76 65 6e 74 73 73 22 2c 6e 2e 73 65 73 73 69 6f 6e 53 74 6f 72 61 67 65 5d 2c 5b 22 63 6a 65 76 65 6e 74 71 22 2c 6e 2e 63 6a 65 76 65 6e 74 51 75 65 72 79 53 74 72 69 6e 67 5d 2c 5b 22 69 73 44 65 76 69 63 65 41 63 63 65 73 73 47 72 61 6e 74 65 64 22 2c 6f 5d 2c 5b 74 2e 43 4a 5f 55 53 45 52 5f 4b 45 59 2c 69 5d 2c 5b 22 63 6f 6f 6b 69 65 73
                                                                                                                                                                                                                                                                                              Data Ascii: .stringify(r)],["partnerships",JSON.stringify(s)],["partnershipMode",JSON.stringify(l)],["countryCode",d],["cjeventls",n.localStorage],["cjeventss",n.sessionStorage],["cjeventq",n.cjeventQueryString],["isDeviceAccessGranted",o],[t.CJ_USER_KEY,i],["cookies
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1514INData Raw: 74 65 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 73 77 69 74 63 68 28 65 29 7b 63 61 73 65 22 4e 4f 5f 4f 50 22 3a 64 65 66 61 75 6c 74 3a 72 65 74 75 72 6e 20 74 2e 6e 6f 4f 70 52 65 70 6f 72 74 65 72 3b 63 61 73 65 22 41 43 54 49 56 45 22 3a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 3f 7b 73 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 28 65 2c 74 29 7d 7d 3a 28 6f 28 65 29 2c 69 28 29 29 7d 28 72 29 3b 63 61 73 65 22 45 52 52 4f 52 5f 4f 4e 4c 59 22 3a 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 73 65 6e 64 42 65 61 63 6f 6e 3f 7b
                                                                                                                                                                                                                                                                                              Data Ascii: ter=function(e,r){switch(e){case"NO_OP":default:return t.noOpReporter;case"ACTIVE":return function(e){return e.window.navigator.sendBeacon?{send:function(t){n(e,t)}}:(o(e),i())}(r);case"ERROR_ONLY":return function(e){return e.window.navigator.sendBeacon?{
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC11171INData Raw: 6c 3d 63 5b 31 5d 3b 62 72 65 61 6b 7d 69 66 28 36 3d 3d 3d 63 5b 30 5d 26 26 61 2e 6c 61 62 65 6c 3c 6f 5b 31 5d 29 7b 61 2e 6c 61 62 65 6c 3d 6f 5b 31 5d 2c 6f 3d 63 3b 62 72 65 61 6b 7d 69 66 28 6f 26 26 61 2e 6c 61 62 65 6c 3c 6f 5b 32 5d 29 7b 61 2e 6c 61 62 65 6c 3d 6f 5b 32 5d 2c 61 2e 6f 70 73 2e 70 75 73 68 28 63 29 3b 62 72 65 61 6b 7d 6f 5b 32 5d 26 26 61 2e 6f 70 73 2e 70 6f 70 28 29 2c 61 2e 74 72 79 73 2e 70 6f 70 28 29 3b 63 6f 6e 74 69 6e 75 65 7d 63 3d 74 2e 63 61 6c 6c 28 65 2c 61 29 7d 63 61 74 63 68 28 65 29 7b 63 3d 5b 36 2c 65 5d 2c 6e 3d 30 7d 66 69 6e 61 6c 6c 79 7b 72 3d 6f 3d 30 7d 69 66 28 35 26 63 5b 30 5d 29 74 68 72 6f 77 20 63 5b 31 5d 3b 72 65 74 75 72 6e 7b 76 61 6c 75 65 3a 63 5b 30 5d 3f 63 5b 31 5d 3a 76 6f 69 64 20 30
                                                                                                                                                                                                                                                                                              Data Ascii: l=c[1];break}if(6===c[0]&&a.label<o[1]){a.label=o[1],o=c;break}if(o&&a.label<o[2]){a.label=o[2],a.ops.push(c);break}o[2]&&a.ops.pop(),a.trys.pop();continue}c=t.call(e,a)}catch(e){c=[6,e],n=0}finally{r=o=0}if(5&c[0])throw c[1];return{value:c[0]?c[1]:void 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              70192.168.11.2063671146.75.28.1574432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC531OUTGET /uwt.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: static.ads-twitter.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC511INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 57671
                                                                                                                                                                                                                                                                                              Last-Modified: Thu, 04 Apr 2024 00:26:35 GMT
                                                                                                                                                                                                                                                                                              ETag: "bbbcf811d8437a575d796a4c1e5d4fad"
                                                                                                                                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              X-Served-By: cache-iad-kiad7000163-IAD
                                                                                                                                                                                                                                                                                              X-Cache: HIT
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding,Host
                                                                                                                                                                                                                                                                                              P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
                                                                                                                                                                                                                                                                                              x-tw-cdn: FT
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 74 3d 7b 36 31 37 33 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 6e 29 7b 76 61 72 20 72 3b 74 2e 65 78 70 6f 72 74 73 3d 28 72 3d 72 7c 7c 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 76 61 72 20 72 3b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 26 26 28 72 3d 77 69 6e 64 6f 77 2e 63 72 79 70 74 6f 29 2c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2e 63 72 79 70 74 6f 26 26 28 72 3d 73 65 6c 66 2e 63 72 79 70 74 6f 29 2c 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2e 63 72 79 70 74 6f 26 26 28 72 3d
                                                                                                                                                                                                                                                                                              Data Ascii: !function(){var t={6173:function(t,e,n){var r;t.exports=(r=r||function(t,e){var r;if("undefined"!=typeof window&&window.crypto&&(r=window.crypto),"undefined"!=typeof self&&self.crypto&&(r=self.crypto),"undefined"!=typeof globalThis&&globalThis.crypto&&(r=
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 68 69 73 2e 77 6f 72 64 73 3d 74 7c 7c 5b 5d 2c 74 68 69 73 2e 73 69 67 42 79 74 65 73 3d 6e 75 6c 6c 21 3d 65 3f 65 3a 34 2a 74 2e 6c 65 6e 67 74 68 7d 2c 74 6f 53 74 72 69 6e 67 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 28 74 7c 7c 66 29 2e 73 74 72 69 6e 67 69 66 79 28 74 68 69 73 29 7d 2c 63 6f 6e 63 61 74 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 68 69 73 2e 77 6f 72 64 73 2c 6e 3d 74 2e 77 6f 72 64 73 2c 72 3d 74 68 69 73 2e 73 69 67 42 79 74 65 73 2c 69 3d 74 2e 73 69 67 42 79 74 65 73 3b 69 66 28 74 68 69 73 2e 63 6c 61 6d 70 28 29 2c 72 25 34 29 66 6f 72 28 76 61 72 20 6f 3d 30 3b 6f 3c 69 3b 6f 2b 2b 29 7b 76 61 72 20 61 3d 6e 5b 6f 3e 3e 3e 32 5d 3e 3e 3e 32 34 2d 6f 25 34 2a 38 26 32 35 35 3b 65 5b 72 2b 6f 3e
                                                                                                                                                                                                                                                                                              Data Ascii: his.words=t||[],this.sigBytes=null!=e?e:4*t.length},toString:function(t){return(t||f).stringify(this)},concat:function(t){var e=this.words,n=t.words,r=this.sigBytes,i=t.sigBytes;if(this.clamp(),r%4)for(var o=0;o<i;o++){var a=n[o>>>2]>>>24-o%4*8&255;e[r+o>
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 6e 28 74 29 7b 72 65 74 75 72 6e 20 64 2e 70 61 72 73 65 28 75 6e 65 73 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 74 29 29 29 7d 7d 2c 70 3d 63 2e 42 75 66 66 65 72 65 64 42 6c 6f 63 6b 41 6c 67 6f 72 69 74 68 6d 3d 75 2e 65 78 74 65 6e 64 28 7b 72 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 64 61 74 61 3d 6e 65 77 20 73 2e 69 6e 69 74 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 3d 30 7d 2c 5f 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 28 74 3d 68 2e 70 61 72 73 65 28 74 29 29 2c 74 68 69 73 2e 5f 64 61 74 61 2e 63 6f 6e 63 61 74 28 74 29 2c 74 68 69 73 2e 5f 6e 44 61 74 61 42 79 74 65 73 2b 3d 74 2e 73 69 67 42 79 74 65 73
                                                                                                                                                                                                                                                                                              Data Ascii: n(t){return d.parse(unescape(encodeURIComponent(t)))}},p=c.BufferedBlockAlgorithm=u.extend({reset:function(){this._data=new s.init,this._nDataBytes=0},_append:function(t){"string"==typeof t&&(t=h.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 61 72 20 72 3d 32 2c 69 3d 30 3b 69 3c 36 34 3b 29 65 28 72 29 26 26 28 69 3c 38 26 26 28 63 5b 69 5d 3d 6e 28 74 2e 70 6f 77 28 72 2c 2e 35 29 29 29 2c 75 5b 69 5d 3d 6e 28 74 2e 70 6f 77 28 72 2c 31 2f 33 29 29 2c 69 2b 2b 29 2c 72 2b 2b 7d 28 29 3b 76 61 72 20 73 3d 5b 5d 2c 6c 3d 61 2e 53 48 41 32 35 36 3d 6f 2e 65 78 74 65 6e 64 28 7b 5f 64 6f 52 65 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 5f 68 61 73 68 3d 6e 65 77 20 69 2e 69 6e 69 74 28 63 2e 73 6c 69 63 65 28 30 29 29 7d 2c 5f 64 6f 50 72 6f 63 65 73 73 42 6c 6f 63 6b 3a 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 66 6f 72 28 76 61 72 20 6e 3d 74 68 69 73 2e 5f 68 61 73 68 2e 77 6f 72 64 73 2c 72 3d 6e 5b 30 5d 2c 69 3d 6e 5b 31 5d 2c 6f 3d 6e 5b 32 5d 2c 61 3d 6e 5b 33 5d 2c 63
                                                                                                                                                                                                                                                                                              Data Ascii: ar r=2,i=0;i<64;)e(r)&&(i<8&&(c[i]=n(t.pow(r,.5))),u[i]=n(t.pow(r,1/3)),i++),r++}();var s=[],l=a.SHA256=o.extend({_doReset:function(){this._hash=new i.init(c.slice(0))},_doProcessBlock:function(t,e){for(var n=this._hash.words,r=n[0],i=n[1],o=n[2],a=n[3],c
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 74 68 69 73 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 21 74 7c 7c 76 6f 69 64 20 30 3d 3d 3d 74 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 6e 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 74 79 70 65 6f 66 20 74 2b 22 20 22 2b 74 2b 22 20 69 73 20 6e 6f 74 20 69 74 65 72 61 62 6c 65 28 63 61 6e 6e 6f 74 20 72 65 61 64 20 70 72 6f 70 65 72 74 79 20 53 79 6d 62 6f 6c 28 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 29 29 22 29 29 3b 76 61 72 20 72 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 74 29 3b 69 66 28 30 3d 3d 3d 72 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 20 65 28 5b 5d 29 3b 76 61 72 20 69 3d 72 2e 6c 65 6e 67 74 68 3b 66 75
                                                                                                                                                                                                                                                                                              Data Ascii: function(t){return new this((function(e,n){if(!t||void 0===t.length)return n(new TypeError(typeof t+" "+t+" is not iterable(cannot read property Symbol(Symbol.iterator))"));var r=Array.prototype.slice.call(t);if(0===r.length)return e([]);var i=r.length;fu
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 64 28 74 29 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 6e 29 72 65 74 75 72 6e 20 76 6f 69 64 20 70 28 28 72 3d 6e 2c 69 3d 65 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 72 2e 61 70 70 6c 79 28 69 2c 61 72 67 75 6d 65 6e 74 73 29 7d 29 2c 74 29 7d 74 2e 5f 73 74 61 74 65 3d 31 2c 74 2e 5f 76 61 6c 75 65 3d 65 2c 64 28 74 29 7d 63 61 74 63 68 28 65 29 7b 66 28 74 2c 65 29 7d 76 61 72 20 72 2c 69 7d 66 75 6e 63 74 69 6f 6e 20 66 28 74 2c 65 29 7b 74 2e 5f 73 74 61 74 65 3d 32 2c 74 2e 5f 76 61 6c 75 65 3d 65 2c 64 28 74 29 7d 66 75 6e 63 74 69 6f 6e 20 64 28 74 29 7b 32 3d 3d 3d 74 2e 5f 73 74 61 74 65 26 26 30 3d 3d 3d 74 2e 5f 64 65 66 65 72 72 65 64 73 2e 6c 65 6e 67 74 68 26 26 75 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e 28 28 66 75 6e
                                                                                                                                                                                                                                                                                              Data Ascii: d(t);if("function"==typeof n)return void p((r=n,i=e,function(){r.apply(i,arguments)}),t)}t._state=1,t._value=e,d(t)}catch(e){f(t,e)}var r,i}function f(t,e){t._state=2,t._value=e,d(t)}function d(t){2===t._state&&0===t._deferreds.length&&u._immediateFn((fun
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 65 77 20 75 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 6e 28 74 29 7d 29 29 7d 2c 75 2e 72 61 63 65 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 75 28 28 66 75 6e 63 74 69 6f 6e 28 65 2c 6e 29 7b 69 66 28 21 61 28 74 29 29 72 65 74 75 72 6e 20 6e 28 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 50 72 6f 6d 69 73 65 2e 72 61 63 65 20 61 63 63 65 70 74 73 20 61 6e 20 61 72 72 61 79 22 29 29 3b 66 6f 72 28 76 61 72 20 72 3d 30 2c 69 3d 74 2e 6c 65 6e 67 74 68 3b 72 3c 69 3b 72 2b 2b 29 75 2e 72 65 73 6f 6c 76 65 28 74 5b 72 5d 29 2e 74 68 65 6e 28 65 2c 6e 29 7d 29 29 7d 2c 75 2e 5f 69 6d 6d 65 64 69 61 74 65 46 6e 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 73 65 74 49 6d 6d 65 64 69 61 74 65 26 26 66 75 6e 63
                                                                                                                                                                                                                                                                                              Data Ascii: ew u((function(e,n){n(t)}))},u.race=function(t){return new u((function(e,n){if(!a(t))return n(new TypeError("Promise.race accepts an array"));for(var r=0,i=t.length;r<i;r++)u.resolve(t[r]).then(e,n)}))},u._immediateFn="function"==typeof setImmediate&&func
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 3d 69 29 74 68 72 6f 77 20 6f 3b 72 65 74 75 72 6e 20 43 28 29 7d 66 6f 72 28 6e 2e 6d 65 74 68 6f 64 3d 69 2c 6e 2e 61 72 67 3d 6f 3b 3b 29 7b 76 61 72 20 61 3d 6e 2e 64 65 6c 65 67 61 74 65 3b 69 66 28 61 29 7b 76 61 72 20 63 3d 67 28 61 2c 6e 29 3b 69 66 28 63 29 7b 69 66 28 63 3d 3d 3d 6c 29 63 6f 6e 74 69 6e 75 65 3b 72 65 74 75 72 6e 20 63 7d 7d 69 66 28 22 6e 65 78 74 22 3d 3d 3d 6e 2e 6d 65 74 68 6f 64 29 6e 2e 73 65 6e 74 3d 6e 2e 5f 73 65 6e 74 3d 6e 2e 61 72 67 3b 65 6c 73 65 20 69 66 28 22 74 68 72 6f 77 22 3d 3d 3d 6e 2e 6d 65 74 68 6f 64 29 7b 69 66 28 22 73 75 73 70 65 6e 64 65 64 53 74 61 72 74 22 3d 3d 3d 72 29 74 68 72 6f 77 20 72 3d 22 63 6f 6d 70 6c 65 74 65 64 22 2c 6e 2e 61 72 67 3b 6e 2e 64 69 73 70 61 74 63 68 45 78 63 65 70 74 69
                                                                                                                                                                                                                                                                                              Data Ascii: =i)throw o;return C()}for(n.method=i,n.arg=o;;){var a=n.delegate;if(a){var c=g(a,n);if(c){if(c===l)continue;return c}}if("next"===n.method)n.sent=n._sent=n.arg;else if("throw"===n.method){if("suspendedStart"===r)throw r="completed",n.arg;n.dispatchExcepti
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 2c 61 29 7d 29 29 7d 72 65 74 75 72 6e 20 72 3d 72 3f 72 2e 74 68 65 6e 28 61 2c 61 29 3a 61 28 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 67 28 74 2c 65 29 7b 76 61 72 20 6e 3d 74 2e 69 74 65 72 61 74 6f 72 5b 65 2e 6d 65 74 68 6f 64 5d 3b 69 66 28 76 6f 69 64 20 30 3d 3d 3d 6e 29 7b 69 66 28 65 2e 64 65 6c 65 67 61 74 65 3d 6e 75 6c 6c 2c 22 74 68 72 6f 77 22 3d 3d 3d 65 2e 6d 65 74 68 6f 64 29 7b 69 66 28 74 2e 69 74 65 72 61 74 6f 72 2e 72 65 74 75 72 6e 26 26 28 65 2e 6d 65 74 68 6f 64 3d 22 72 65 74 75 72 6e 22 2c 65 2e 61 72 67 3d 76 6f 69 64 20 30 2c 67 28 74 2c 65 29 2c 22 74 68 72 6f 77 22 3d 3d 3d 65 2e 6d 65 74 68 6f 64 29 29 72 65 74 75 72 6e 20 6c 3b 65 2e 6d 65 74 68 6f 64 3d 22 74 68 72 6f 77 22 2c 65 2e 61 72 67 3d 6e 65 77 20 54 79 70 65 45 72
                                                                                                                                                                                                                                                                                              Data Ascii: ,a)}))}return r=r?r.then(a,a):a()}}function g(t,e){var n=t.iterator[e.method];if(void 0===n){if(e.delegate=null,"throw"===e.method){if(t.iterator.return&&(e.method="return",e.arg=void 0,g(t,e),"throw"===e.method))return l;e.method="throw",e.arg=new TypeEr
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC1379INData Raw: 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 74 26 26 74 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3b 72 65 74 75 72 6e 21 21 65 26 26 28 65 3d 3d 3d 64 7c 7c 22 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 3d 3d 3d 28 65 2e 64 69 73 70 6c 61 79 4e 61 6d 65 7c 7c 65 2e 6e 61 6d 65 29 29 7d 2c 74 2e 6d 61 72 6b 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 74 2c 68 29 3a 28 74 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 68 2c 63 28 74 2c 61 2c 22 47 65 6e 65 72 61 74 6f 72 46 75 6e 63 74 69 6f 6e 22 29 29 2c 74 2e 70 72 6f 74 6f 74 79 70 65 3d
                                                                                                                                                                                                                                                                                              Data Ascii: ion=function(t){var e="function"==typeof t&&t.constructor;return!!e&&(e===d||"GeneratorFunction"===(e.displayName||e.name))},t.mark=function(t){return Object.setPrototypeOf?Object.setPrototypeOf(t,h):(t.__proto__=h,c(t,a,"GeneratorFunction")),t.prototype=


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              71192.168.11.205344534.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 265
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC265OUTData Raw: 0a 86 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 48 0a 03 3b 09 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 22 08 c9 34 12 1d 0a 19 50 6e 61 63 6c 54 72 61 6e 73 6c 61 74 69 6f 6e 43 61 63 68 65 53 69 7a 65 10 00 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557H;HealthCheckNF1(Z"4PnaclTranslationCacheSize`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              72192.168.11.205770620.50.2.534432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC970OUTGET /api/mhubc.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: mstatic.ccleaner.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CvVersion%7C5.5.0; avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC304INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Length: 280367
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400, private
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex,nofollow
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC3589INData Raw: 28 66 75 6e 63 74 69 6f 6e 28 61 70 69 55 72 6c 29 7b 0d 0a 77 69 6e 64 6f 77 2e 6d 68 75 62 63 3d 7b 61 64 73 3a 5b 5d 2c 70 75 73 68 3a 66 75 6e 63 74 69 6f 6e 28 75 29 7b 77 69 6e 64 6f 77 2e 6d 68 75 62 63 2e 71 75 65 75 65 2e 70 75 73 68 28 75 29 7d 2c 71 75 65 75 65 3a 77 69 6e 64 6f 77 2e 6d 68 75 62 63 26 26 77 69 6e 64 6f 77 2e 6d 68 75 62 63 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 3f 77 69 6e 64 6f 77 2e 6d 68 75 62 63 3a 5b 5d 7d 3b 76 61 72 20 75 74 69 6c 3d 7b 64 65 66 69 6e 65 3a 66 75 6e 63 74 69 6f 6e 28 75 2c 6f 2c 74 29 7b 77 69 6e 64 6f 77 2e 73 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 75 74 69 6c 2e 6d 6f 64 75 6c 65 73 5b 75 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 2c 69 3d 6f 2e
                                                                                                                                                                                                                                                                                              Data Ascii: (function(apiUrl){window.mhubc={ads:[],push:function(u){window.mhubc.queue.push(u)},queue:window.mhubc&&window.mhubc instanceof Array?window.mhubc:[]};var util={define:function(u,o,t){window.setTimeout((function(){var e=util.modules[u]=function(){},i=o.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 6f 2c 65 29 3f 74 3d 6f 5b 65 5d 3a 72 26 26 76 6f 69 64 20 30 3d 3d 3d 72 2e 6e 6f 64 65 54 79 70 65 26 26 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 72 2c 65 29 26 26 28 74 3d 72 5b 65 5d 29 7d 72 65 74 75 72 6e 20 74 7d 2c 67 6f 6f 67 2e 46 45 41 54 55 52 45 53 45 54 5f 59 45 41 52 3d 32 30 31 32 2c 67 6f 6f 67 2e 44 45 42 55 47 3d 21 30 2c 67 6f 6f 67 2e 4c 4f 43 41 4c 45 3d 22 65 6e 22 2c 67 6f 6f 67 2e 54 52 55 53 54 45 44 5f 53 49 54 45 3d 21 30 2c 67 6f 6f 67 2e 53 54 52 49 43 54 5f 4d 4f 44 45 5f 43 4f 4d 50 41 54 49 42 4c 45 3d 21 31 2c 67 6f 6f 67 2e 44 49 53 41 4c 4c 4f 57 5f 54 45 53 54 5f 4f 4e 4c 59 5f 43 4f 44 45 3d 43 4f 4d 50 49 4c
                                                                                                                                                                                                                                                                                              Data Ascii: roperty.call(o,e)?t=o[e]:r&&void 0===r.nodeType&&Object.prototype.hasOwnProperty.call(r,e)&&(t=r[e])}return t},goog.FEATURESET_YEAR=2012,goog.DEBUG=!0,goog.LOCALE="en",goog.TRUSTED_SITE=!0,goog.STRICT_MODE_COMPATIBLE=!1,goog.DISALLOW_TEST_ONLY_CODE=COMPIL
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 67 6f 6f 67 2e 66 6f 72 77 61 72 64 44 65 63 6c 61 72 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 7d 2c 43 4f 4d 50 49 4c 45 44 7c 7c 28 67 6f 6f 67 2e 69 73 50 72 6f 76 69 64 65 64 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 20 69 6e 20 67 6f 6f 67 2e 6c 6f 61 64 65 64 4d 6f 64 75 6c 65 73 5f 7c 7c 21 67 6f 6f 67 2e 69 6d 70 6c 69 63 69 74 4e 61 6d 65 73 70 61 63 65 73 5f 5b 65 5d 26 26 6e 75 6c 6c 21 3d 67 6f 6f 67 2e 67 65 74 4f 62 6a 65 63 74 42 79 4e 61 6d 65 28 65 29 7d 2c 67 6f 6f 67 2e 69 6d 70 6c 69 63 69 74 4e 61 6d 65 73 70 61 63 65 73 5f 3d 7b 22 67 6f 6f 67 2e 6d 6f 64 75 6c 65 22 3a 21 30 7d 29 2c 67 6f 6f 67 2e 67 65 74 4f 62 6a 65 63 74 42 79 4e 61 6d 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 65 3d 65 2e 73 70 6c
                                                                                                                                                                                                                                                                                              Data Ascii: goog.forwardDeclare=function(e){},COMPILED||(goog.isProvided_=function(e){return e in goog.loadedModules_||!goog.implicitNamespaces_[e]&&null!=goog.getObjectByName(e)},goog.implicitNamespaces_={"goog.module":!0}),goog.getObjectByName=function(e,t){e=e.spl
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC3222INData Raw: 75 6c 6c 22 3b 69 66 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 29 72 65 74 75 72 6e 22 61 72 72 61 79 22 3b 69 66 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 72 65 74 75 72 6e 20 74 3b 76 61 72 20 6f 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2e 63 61 6c 6c 28 65 29 3b 69 66 28 22 5b 6f 62 6a 65 63 74 20 57 69 6e 64 6f 77 5d 22 3d 3d 6f 29 72 65 74 75 72 6e 22 6f 62 6a 65 63 74 22 3b 69 66 28 22 5b 6f 62 6a 65 63 74 20 41 72 72 61 79 5d 22 3d 3d 6f 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 65 2e 6c 65 6e 67 74 68 26 26 76 6f 69 64 20 30 21 3d 3d 65 2e 73 70 6c 69 63 65 26 26 76 6f 69 64 20 30 21 3d 3d 65 2e 70 72 6f 70 65 72 74 79 49 73 45 6e 75 6d 65 72 61 62 6c 65 26 26
                                                                                                                                                                                                                                                                                              Data Ascii: ull";if(e instanceof Array)return"array";if(e instanceof Object)return t;var o=Object.prototype.toString.call(e);if("[object Window]"==o)return"object";if("[object Array]"==o||"number"==typeof e.length&&void 0!==e.splice&&void 0!==e.propertyIsEnumerable&&
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 65 64 3a 20 27 2b 65 29 3b 76 61 72 20 6f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 67 6f 6f 67 2e 63 73 73 4e 61 6d 65 4d 61 70 70 69 6e 67 5f 5b 65 5d 7c 7c 65 7d 2c 72 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 3d 65 2e 73 70 6c 69 74 28 22 2d 22 29 3b 66 6f 72 28 76 61 72 20 74 3d 5b 5d 2c 72 3d 30 3b 72 3c 65 2e 6c 65 6e 67 74 68 3b 72 2b 2b 29 74 2e 70 75 73 68 28 6f 28 65 5b 72 5d 29 29 3b 72 65 74 75 72 6e 20 74 2e 6a 6f 69 6e 28 22 2d 22 29 7d 3b 72 65 74 75 72 6e 20 72 3d 67 6f 6f 67 2e 63 73 73 4e 61 6d 65 4d 61 70 70 69 6e 67 5f 3f 22 42 59 5f 57 48 4f 4c 45 22 3d 3d 67 6f 6f 67 2e 63 73 73 4e 61 6d 65 4d 61 70 70 69 6e 67 53 74 79 6c 65 5f 3f 6f 3a 72 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 7d 2c 65 3d
                                                                                                                                                                                                                                                                                              Data Ascii: ed: '+e);var o=function(e){return goog.cssNameMapping_[e]||e},r=function(e){e=e.split("-");for(var t=[],r=0;r<e.length;r++)t.push(o(e[r]));return t.join("-")};return r=goog.cssNameMapping_?"BY_WHOLE"==goog.cssNameMappingStyle_?o:r:function(e){return e},e=
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 72 65 74 75 72 6e 21 66 2e 6d 61 74 63 68 28 2f 45 64 67 65 5c 2f 28 5c 64 2b 29 28 5c 2e 5c 64 29 2a 2f 69 29 26 26 62 28 27 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 63 6c 61 73 73 20 58 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7b 69 66 28 6e 65 77 2e 74 61 72 67 65 74 21 3d 53 74 72 69 6e 67 29 74 68 72 6f 77 20 31 3b 74 68 69 73 2e 78 3d 34 32 7d 7d 6c 65 74 20 71 3d 52 65 66 6c 65 63 74 2e 63 6f 6e 73 74 72 75 63 74 28 58 2c 5b 5d 2c 53 74 72 69 6e 67 29 3b 69 66 28 71 2e 78 21 3d 34 32 7c 7c 21 28 71 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 29 29 74 68 72 6f 77 20 31 3b 66 6f 72 28 63 6f 6e 73 74 20 61 20 6f 66 5b 32 2c 33 5d 29 7b 69 66 28 61 3d 3d 32 29 63 6f 6e 74 69 6e 75 65 3b 66 75 6e 63 74 69 6f 6e 20 66 28 7a 3d
                                                                                                                                                                                                                                                                                              Data Ascii: return!f.match(/Edge\/(\d+)(\.\d)*/i)&&b('(()=>{"use strict";class X{constructor(){if(new.target!=String)throw 1;this.x=42}}let q=Reflect.construct(X,[],String);if(q.x!=42||!(q instanceof String))throw 1;for(const a of[2,3]){if(a==2)continue;function f(z=
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 72 65 73 75 6d 65 5f 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 70 61 75 73 65 64 5f 26 26 28 74 68 69 73 2e 70 61 75 73 65 64 5f 3d 21 31 2c 74 68 69 73 2e 6c 6f 61 64 44 65 70 73 5f 28 29 29 7d 2c 67 6f 6f 67 2e 44 65 62 75 67 4c 6f 61 64 65 72 5f 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 6f 61 64 69 6e 67 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 74 68 69 73 2e 6c 6f 61 64 69 6e 67 44 65 70 73 5f 2e 70 75 73 68 28 65 29 7d 2c 67 6f 6f 67 2e 44 65 62 75 67 4c 6f 61 64 65 72 5f 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 6f 61 64 65 64 5f 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 3d 30 3b 74 3c 74 68 69 73 2e 6c 6f 61 64 69 6e 67 44 65 70 73 5f 2e 6c 65 6e 67 74 68 3b 74 2b 2b 29 69 66 28 74 68 69 73 2e
                                                                                                                                                                                                                                                                                              Data Ascii: .prototype.resume_=function(){this.paused_&&(this.paused_=!1,this.loadDeps_())},goog.DebugLoader_.prototype.loading_=function(e){this.loadingDeps_.push(e)},goog.DebugLoader_.prototype.loaded_=function(e){for(var t=0;t<this.loadingDeps_.length;t++)if(this.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 4c 49 43 59 5f 3f 67 6f 6f 67 2e 54 52 55 53 54 45 44 5f 54 59 50 45 53 5f 50 4f 4c 49 43 59 5f 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 74 68 69 73 2e 70 61 74 68 29 3a 74 68 69 73 2e 70 61 74 68 2c 74 2e 68 65 61 64 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 73 29 7d 7d 65 6c 73 65 20 67 6f 6f 67 2e 6c 6f 67 54 6f 43 6f 6e 73 6f 6c 65 5f 28 22 43 61 6e 6e 6f 74 20 75 73 65 20 64 65 66 61 75 6c 74 20 64 65 62 75 67 20 6c 6f 61 64 65 72 20 6f 75 74 73 69 64 65 20 6f 66 20 48 54 4d 4c 20 64 6f 63 75 6d 65 6e 74 73 2e 22 29 2c 22 64 65 70 73 2e 6a 73 22 3d 3d 74 68 69 73 2e 72 65 6c 61 74 69 76 65 50 61 74 68 3f 28 67 6f 6f 67 2e 6c 6f 67 54 6f 43 6f 6e 73 6f 6c 65 5f 28 22 43 6f 6e 73 69 64 65 72 20 73 65 74 74 69 6e 67 20 43 4c 4f 53 55 52 45 5f 49
                                                                                                                                                                                                                                                                                              Data Ascii: LICY_?goog.TRUSTED_TYPES_POLICY_.createScriptURL(this.path):this.path,t.head.appendChild(s)}}else goog.logToConsole_("Cannot use default debug loader outside of HTML documents."),"deps.js"==this.relativePath?(goog.logToConsole_("Consider setting CLOSURE_I
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 4c 28 72 29 3a 72 29 7d 28 29 3a 6f 28 29 7d 7d 7d 2c 67 6f 6f 67 2e 54 72 61 6e 73 66 6f 72 6d 65 64 44 65 70 65 6e 64 65 6e 63 79 2e 70 72 6f 74 6f 74 79 70 65 2e 74 72 61 6e 73 66 6f 72 6d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 7d 2c 67 6f 6f 67 2e 54 72 61 6e 73 70 69 6c 65 64 44 65 70 65 6e 64 65 6e 63 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 2c 72 2c 73 2c 6e 29 7b 67 6f 6f 67 2e 54 72 61 6e 73 66 6f 72 6d 65 64 44 65 70 65 6e 64 65 6e 63 79 2e 63 61 6c 6c 28 74 68 69 73 2c 65 2c 74 2c 6f 2c 72 2c 73 29 2c 74 68 69 73 2e 74 72 61 6e 73 70 69 6c 65 72 3d 6e 7d 2c 67 6f 6f 67 2e 69 6e 68 65 72 69 74 73 28 67 6f 6f 67 2e 54 72 61 6e 73 70 69 6c 65 64 44 65 70 65 6e 64 65 6e 63 79 2c 67 6f 6f 67 2e 54 72 61 6e 73 66 6f 72 6d 65 64 44 65 70 65 6e
                                                                                                                                                                                                                                                                                              Data Ascii: L(r):r)}():o()}}},goog.TransformedDependency.prototype.transform=function(e){},goog.TranspiledDependency=function(e,t,o,r,s,n){goog.TransformedDependency.call(this,e,t,o,r,s),this.transpiler=n},goog.inherits(goog.TranspiledDependency,goog.TransformedDepen
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC4096INData Raw: 6d 65 6e 74 73 3b 66 6f 72 28 6f 3d 6f 3f 30 3a 31 3b 6f 3c 72 2e 6c 65 6e 67 74 68 3b 6f 2b 2b 29 7b 69 66 28 6e 75 6c 6c 3d 3d 65 29 72 65 74 75 72 6e 3b 65 3d 65 5b 72 5b 6f 5d 5d 7d 72 65 74 75 72 6e 20 65 7d 2c 67 6f 6f 67 2e 6f 62 6a 65 63 74 2e 63 6f 6e 74 61 69 6e 73 4b 65 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 21 3d 3d 65 26 26 74 20 69 6e 20 65 7d 2c 67 6f 6f 67 2e 6f 62 6a 65 63 74 2e 63 6f 6e 74 61 69 6e 73 56 61 6c 75 65 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6f 20 69 6e 20 65 29 69 66 28 65 5b 6f 5d 3d 3d 74 29 72 65 74 75 72 6e 21 30 3b 72 65 74 75 72 6e 21 31 7d 2c 67 6f 6f 67 2e 6f 62 6a 65 63 74 2e 66 69 6e 64 4b 65 79 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6f 29
                                                                                                                                                                                                                                                                                              Data Ascii: ments;for(o=o?0:1;o<r.length;o++){if(null==e)return;e=e[r[o]]}return e},goog.object.containsKey=function(e,t){return null!==e&&t in e},goog.object.containsValue=function(e,t){for(var o in e)if(e[o]==t)return!0;return!1},goog.object.findKey=function(e,t,o)


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              73192.168.11.2064512142.251.167.1554432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC795OUTGET /pagead/landing?gcs=G111&gcd=13t3t3t3t5&rnd=2125617828.1716727479&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&dma=0&npa=0&gtm=45He45m0n71KFXRTRv71945860za200&auid=1566402970.1716727479 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: googleads.g.doubleclick.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC791INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Security-Policy: script-src 'none'; object-src 'none'
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cafe
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                              Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 26-May-2024 12:59:41 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              74192.168.11.2054375104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC639OUTGET /consent/831b8ee0-e952-49a5-af6b-01382c722774/508b8439-6d82-43c5-aed5-156f03a3876f/en.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              CF-Ray: 889ddba46f4020b4-IAD
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Age: 57455
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                              Expires: Mon, 27 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 20 Jun 2022 08:17:11 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Content-MD5: i0ofUXVu/TqOH4J3xgmSUw==
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-request-id: 205001ce-701e-00a3-5972-795c46000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC467INData Raw: 37 63 31 62 0d 0a 7b 22 44 6f 6d 61 69 6e 44 61 74 61 22 3a 7b 22 70 63 6c 69 66 65 53 70 61 6e 59 72 22 3a 22 59 65 61 72 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 59 72 73 22 3a 22 59 65 61 72 73 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 53 65 63 73 22 3a 22 41 20 66 65 77 20 73 65 63 6f 6e 64 73 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 57 6b 22 3a 22 57 65 65 6b 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 57 6b 73 22 3a 22 57 65 65 6b 73 22 2c 22 70 63 63 6c 6f 73 65 42 75 74 74 6f 6e 54 79 70 65 22 3a 22 49 63 6f 6e 22 2c 22 70 63 63 6f 6e 74 69 6e 75 65 57 69 74 68 6f 75 74 41 63 63 65 70 74 54 65 78 74 22 3a 22 43 6f 6e 74 69 6e 75 65 20 77 69 74 68 6f 75 74 20 41 63 63 65 70 74 69 6e 67 22 2c 22 63 63 74 49 64 22 3a 22 38 33 31 62 38 65 65 30 2d 65 39 35 32 2d
                                                                                                                                                                                                                                                                                              Data Ascii: 7c1b{"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","pccloseButtonType":"Icon","pccontinueWithoutAcceptText":"Continue without Accepting","cctId":"831b8ee0-e952-
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 64 20 65 6e 61 62 6c 65 20 75 73 20 74 6f 20 73 68 6f 77 20 72 65 6c 65 76 61 6e 74 20 6d 61 72 6b 65 74 69 6e 67 20 63 6f 6e 74 65 6e 74 2e 20 59 6f 75 20 63 61 6e 20 6d 61 6e 61 67 65 20 63 6f 6f 6b 69 65 20 73 65 74 74 69 6e 67 73 20 62 65 6c 6f 77 2e 20 42 79 20 63 6c 69 63 6b 69 6e 67 20 e2 80 9c 43 6f 6e 66 69 72 6d 20 53 65 6c 65 63 74 69 6f 6e e2 80 9d 20 79 6f 75 20 61 67 72 65 65 20 77 69 74 68 20 74 68 65 20 63 75 72 72 65 6e 74 20 73 65 74 74 69 6e 67 73 2e 20 53 65 65 22 2c 22 41 62 6f 75 74 54 65 78 74 22 3a 22 43 6f 6f 6b 69 65 73 20 70 6f 6c 69 63 79 22 2c 22 41 62 6f 75 74 43 6f 6f 6b 69 65 73 54 65 78 74 22 3a 22 59 6f 75 72 20 50 72 69 76 61 63 79 22 2c 22 43 6f 6e 66 69 72 6d 54 65 78 74 22 3a 22 41 63 63 65 70 74 20 41 6c 6c 22 2c 22
                                                                                                                                                                                                                                                                                              Data Ascii: d enable us to show relevant marketing content. You can manage cookie settings below. By clicking Confirm Selection you agree with the current settings. See","AboutText":"Cookies policy","AboutCookiesText":"Your Privacy","ConfirmText":"Accept All","
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 78 74 22 3a 22 4c 69 73 74 20 6f 66 20 49 41 42 20 56 65 6e 64 6f 72 73 22 2c 22 54 68 69 72 64 50 61 72 74 79 43 6f 6f 6b 69 65 4c 69 73 74 54 65 78 74 22 3a 22 43 6f 6f 6b 69 65 73 20 44 65 74 61 69 6c 73 22 2c 22 50 72 65 66 65 72 65 6e 63 65 43 65 6e 74 65 72 4d 61 6e 61 67 65 50 72 65 66 65 72 65 6e 63 65 73 54 65 78 74 22 3a 22 20 4d 61 6e 61 67 65 20 43 6f 6e 73 65 6e 74 20 50 72 65 66 65 72 65 6e 63 65 73 22 2c 22 50 72 65 66 65 72 65 6e 63 65 43 65 6e 74 65 72 4d 6f 72 65 49 6e 66 6f 53 63 72 65 65 6e 52 65 61 64 65 72 22 3a 22 4f 70 65 6e 73 20 69 6e 20 61 20 6e 65 77 20 54 61 62 22 2c 22 43 6f 6f 6b 69 65 4c 69 73 74 54 69 74 6c 65 22 3a 22 43 6f 6f 6b 69 65 20 4c 69 73 74 22 2c 22 43 6f 6f 6b 69 65 4c 69 73 74 44 65 73 63 72 69 70 74 69 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: xt":"List of IAB Vendors","ThirdPartyCookieListText":"Cookies Details","PreferenceCenterManagePreferencesText":" Manage Consent Preferences","PreferenceCenterMoreInfoScreenReader":"Opens in a new Tab","CookieListTitle":"Cookie List","CookieListDescription
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 20 74 6f 20 73 65 63 75 72 65 20 61 72 65 61 73 20 6f 66 20 74 68 65 20 77 65 62 73 69 74 65 2e 20 54 68 65 20 77 65 62 73 69 74 65 20 63 61 6e 6e 6f 74 20 66 75 6e 63 74 69 6f 6e 20 70 72 6f 70 65 72 6c 79 20 77 69 74 68 6f 75 74 20 74 68 65 73 65 20 63 6f 6f 6b 69 65 73 2e 22 2c 22 47 72 6f 75 70 4e 61 6d 65 4d 6f 62 69 6c 65 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 47 72 6f 75 70 4e 61 6d 65 4f 54 54 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 47 72 6f 75 70 4e 61 6d 65 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 49 73 49 61 62 50 75 72 70 6f 73 65 22 3a 66 61 6c 73 65 2c 22 47 65 6e 65 72 61 6c 56 65 6e 64 6f 72 73 49 64 73 22 3a 5b 5d 2c 22 46 69 72 73 74 50 61 72 74 79 43
                                                                                                                                                                                                                                                                                              Data Ascii: to secure areas of the website. The website cannot function properly without these cookies.","GroupNameMobile":"Necessary cookies","GroupNameOTT":"Necessary cookies","GroupName":"Necessary cookies","IsIabPurpose":false,"GeneralVendorsIds":[],"FirstPartyC
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 2c 22 69 64 22 3a 22 63 38 39 38 35 65 61 62 2d 66 66 64 30 2d 34 61 30 34 2d 38 63 65 66 2d 66 64 32 63 37 33 31 65 64 31 32 61 22 2c 22 4e 61 6d 65 22 3a 22 5f 63 63 5f 6c 61 6e 67 43 68 6f 69 63 65 22 2c 22 48 6f 73 74 22 3a 22 77 77 77 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 33 36 34 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 44 75 72 61 74 69 6f 6e 54 79 70 65 22 3a 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 6e 75 6c 6c 2c 22 69 73 54 68 69 72 64 50 61 72 74 79 22 3a 66 61 6c 73 65 7d 2c 7b 22 74 68 69 72 64 50 61 72 74 79 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 70 61 74 74 65 72 6e 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50
                                                                                                                                                                                                                                                                                              Data Ascii: ,"id":"c8985eab-ffd0-4a04-8cef-fd2c731ed12a","Name":"_cc_langChoice","Host":"www.ccleaner.com","IsSession":false,"Length":"364","description":"","DurationType":1,"category":null,"isThirdParty":false},{"thirdPartyDescription":null,"patternKey":null,"thirdP
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 77 77 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 74 72 75 65 2c 22 4c 65 6e 67 74 68 22 3a 22 30 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 73 65 74 20 62 79 20 77 65 62 73 69 74 65 73 20 72 75 6e 20 6f 6e 20 74 68 65 20 57 69 6e 64 6f 77 73 20 41 7a 75 72 65 20 63 6c 6f 75 64 20 70 6c 61 74 66 6f 72 6d 2e 20 49 74 20 69 73 20 75 73 65 64 20 66 6f 72 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 76 69 73 69 74 6f 72 20 70 61 67 65 20 72 65 71 75 65 73 74 73 20 61 72 65 20 72 6f 75 74 65 64 20 74 6f 20 74 68 65 20 73 61 6d 65 20 73 65 72 76 65 72 20 69 6e 20 61 6e 79 20 62 72 6f 77 73 69 6e 67 20 73 65 73 73 69 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ww.ccleaner.com","IsSession":true,"Length":"0","description":"This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing sessio
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50 61 72 74 79 4b 65 79 22 3a 22 22 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 22 43 6f 6f 6b 69 65 4f 70 74 61 6e 6f 6e 41 6c 65 72 74 42 6f 78 43 6c 6f 73 65 64 22 2c 22 69 64 22 3a 22 33 36 65 33 33 32 31 30 2d 36 64 30 36 2d 34 63 34 63 2d 38 38 66 66 2d 66 62 37 64 31 31 37 39 39 64 61 35 22 2c 22 4e 61 6d 65 22 3a 22 4f 70 74 61 6e 6f 6e 41 6c 65 72 74 42 6f 78 43 6c 6f 73 65 64 22 2c 22 48 6f 73 74 22 3a 22 73 65 63 75 72 65 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 33 36 34 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 73 65 74 20 62 79 20 77 65 62 73 69 74
                                                                                                                                                                                                                                                                                              Data Ascii: Key":null,"thirdPartyKey":"","firstPartyKey":"CookieOptanonAlertBoxClosed","id":"36e33210-6d06-4c4c-88ff-fb7d11799da5","Name":"OptanonAlertBoxClosed","Host":"secure.ccleaner.com","IsSession":false,"Length":"364","description":"This cookie is set by websit
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 67 74 6d 5f 55 41 2d 22 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 22 50 61 74 74 65 72 6e 7c 5f 64 63 5f 67 74 6d 5f 55 41 2d 22 2c 22 69 64 22 3a 22 65 61 31 38 39 31 66 63 2d 33 30 34 39 2d 34 62 66 34 2d 61 32 61 37 2d 63 66 66 37 35 33 39 34 38 37 36 36 22 2c 22 4e 61 6d 65 22 3a 22 5f 64 63 5f 67 74 6d 5f 55 41 2d 78 78 78 78 78 78 78 78 22 2c 22 48 6f 73 74 22 3a 22 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 30 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 73 69 74 65 73 20 75 73 69 6e 67 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 74 6f 20 6c 6f
                                                                                                                                                                                                                                                                                              Data Ascii: gtm_UA-","firstPartyKey":"Pattern|_dc_gtm_UA-","id":"ea1891fc-3049-4bf4-a2a7-cff753948766","Name":"_dc_gtm_UA-xxxxxxxx","Host":"ccleaner.com","IsSession":false,"Length":"0","description":"This cookie is associated with sites using Google Tag Manager to lo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6f 6f 6b 69 65 73 20 69 6e 20 65 61 63 68 20 63 61 74 65 67 6f 72 79 20 66 72 6f 6d 20 62 65 69 6e 67 20 73 65 74 20 69 6e 20 74 68 65 20 75 73 65 72 73 20 62 72 6f 77 73 65 72 2c 20 77 68 65 6e 20 63 6f 6e 73 65 6e 74 20 69 73 20 6e 6f 74 20 67 69 76 65 6e 2e 20 54 68 65 20 63 6f 6f 6b 69 65 20 68 61 73 20 61 20 6e 6f 72 6d 61 6c 20 6c 69 66 65 73 70 61 6e 20 6f 66 20 6f 6e 65 20 79 65 61 72 2c 20 73 6f 20 74 68 61 74 20 72 65 74 75 72 6e 69 6e 67 20 76 69 73 69 74 6f 72 73 20 74 6f 20 74 68 65 20 73 69 74 65 20 77 69 6c 6c 20 68 61 76 65 20 74 68 65 69 72 20 70 72 65 66 65 72 65 6e 63 65 73 20 72 65 6d 65 6d 62 65 72 65 64 2e 20 49 74 20 63 6f 6e 74 61 69 6e 73 20 6e 6f 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 74 68 61 74 20 63 61 6e 20 69 64 65 6e 74 69
                                                                                                                                                                                                                                                                                              Data Ascii: ookies in each category from being set in the users browser, when consent is not given. The cookie has a normal lifespan of one year, so that returning visitors to the site will have their preferences remembered. It contains no information that can identi
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 22 31 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 44 75 72 61 74 69 6f 6e 54 79 70 65 22 3a 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 6e 75 6c 6c 2c 22 69 73 54 68 69 72 64 50 61 72 74 79 22 3a 66 61 6c 73 65 7d 2c 7b 22 74 68 69 72 64 50 61 72 74 79 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 70 61 74 74 65 72 6e 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50 61 72 74 79 4b 65 79 22 3a 6e 75 6c 6c 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 22 61 39 36 61 37 36 65 61 2d 39 66 30 65 2d 34 32 38 61 2d 38 39 64 35 2d 32 63 65 65 63 66 32 65 64 37 34 39 22 2c 22 4e 61 6d 65 22 3a 22 63 62 73 65 73 73 69 6f 6e 31 22 2c 22 48 6f 73 74 22 3a 22 73 65 63 75 72 65 2e 63 63 6c 65 61 6e 65 72 2e 63
                                                                                                                                                                                                                                                                                              Data Ascii: "1","description":"","DurationType":1,"category":null,"isThirdParty":false},{"thirdPartyDescription":null,"patternKey":null,"thirdPartyKey":null,"firstPartyKey":null,"id":"a96a76ea-9f0e-428a-89d5-2ceecf2ed749","Name":"cbsession1","Host":"secure.ccleaner.c


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              75192.168.11.205611263.140.39.934432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC2448OUTGET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s65133898573217?AQB=1&ndh=1&pf=1&t=26%2F4%2F2024%208%3A44%3A39%200%20240&mid=12586703185176664232105342814118163955&aamlh=7&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-04-17&c48=CCleaner%20v6.24.11060&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=12586703185176664232105342814118163955&c59=ccleaner%3Aknowledge%3Accleaner-v6-24-11060&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&v164=ccleaner%3A999_a&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=1920&bh=969&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: oms.ccleaner.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: same-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CMCMID%7C12586703185176664232105342814118163955%7CMCAAMLH-1717332278%7C7%7CMCAAMB-1717332278%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716734678s%7CNONE%7CvVersion%7C5.5.0; s_nr=1716727479272-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-24-11060; s_cc=true
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC574INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              access-control-allow-origin: *
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              expires: Sat, 25 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              last-modified: Mon, 27 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                                                                                                              p3p: CP="This is not a P3P policy"
                                                                                                                                                                                                                                                                                              server: jag
                                                                                                                                                                                                                                                                                              etag: 3686644193774370816-4618486012323865332
                                                                                                                                                                                                                                                                                              vary: *
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0, no-transform, private
                                                                                                                                                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC43INData Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,Q;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              76192.168.11.205437634.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 325
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC325OUTData Raw: 0a c2 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 83 01 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 5d 0a 0c 63 63 36 20 72 65 73 65 61 72 63 68 12 09 44 65 74 65 63 74 69 6f 6e 1a 10 77 65 62 76 69 65 77 32 20 3a 3a 20 6e 75 6c 6c 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 09 08 00 10 00 1a 03 31 2d 61 4a 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38 65 5f 6d 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(Z]cc6 researchDetectionwebview2 :: null (2B1-aJmmm_ccl_003_999_a8e_m`"D6.24.110
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              77192.168.11.206038954.146.244.2284432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC668OUTGET /ibs:dpid=411&dpuuid=ZlMuuAAAALyDAwN_ HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dpm.demdex.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: demdex=12420529992577389502124774616857229634
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC889INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TID: x1rVHTiEQR0=
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                                                                                                                                                              P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              DCS: dcs-prod-va6-2-v060-053054ac2.edge-va6.demdex.com 1 ms
                                                                                                                                                                                                                                                                                              set-cookie: dpm=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:41 GMT; Path=/; Domain=.dpm.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              set-cookie: demdex=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              78192.168.11.206268069.147.92.124432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC566OUTGET /wi/config/10180940.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: s.yimg.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1043INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              x-amz-id-2: onjxl6QNTifwrT+iaHdCNGsBiCvTt/rr0rk+tqwBLm0GVczcmHkoewW9F3P/7hZKuUnXSdAqJMayZqTTZEUJ6A==
                                                                                                                                                                                                                                                                                              x-amz-request-id: ZCFF84QFPCA0XQHA
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 11:55:17 GMT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Methods: GET
                                                                                                                                                                                                                                                                                              Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
                                                                                                                                                                                                                                                                                              Last-Modified: Sun, 26 May 2024 11:35:42 GMT
                                                                                                                                                                                                                                                                                              x-amz-expiration: expiry-date="Tue, 01 Jul 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
                                                                                                                                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                              x-amz-version-id: pVfBsQg.8xo0NXDKQ7bgdIHmg37OwqTA
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Server: ATS
                                                                                                                                                                                                                                                                                              Content-Length: 46
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                                                              Etag: "5df7dee99a3ff0ef853b4c1a7e8a6f34"
                                                                                                                                                                                                                                                                                              Age: 2965
                                                                                                                                                                                                                                                                                              ATS-Carp-Promotion: 1
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                              Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              ATS-Carp-Promotion: 1
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC46INData Raw: 7b 22 70 69 78 65 6c 49 64 22 3a 31 30 31 38 30 39 34 30 2c 22 75 73 65 31 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 73 22 3a 74 72 75 65 7d
                                                                                                                                                                                                                                                                                              Data Ascii: {"pixelId":10180940,"use1stPartyCookies":true}


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              79192.168.11.206070499.84.191.434432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:40 UTC551OUTGET /modules.305879d9d5e96288a7f4.js HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: script.hotjar.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC719INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              Content-Length: 227453
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Date: Fri, 24 May 2024 13:19:12 GMT
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=31536000
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              ETag: "fd47ad482bc2d96bdb4ee301de8723d4"
                                                                                                                                                                                                                                                                                              Last-Modified: Fri, 24 May 2024 13:18:49 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=2592000; includeSubDomains
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              X-Robots-Tag: none
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              X-Cache: Hit from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 c307613fe3146dad6950808dc74f82f6.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD89-C2
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: VY_VPb2bBdekgYq8M6ztsLUn7ayQE6ENBSc9wFnNBeVJoZakejM7CA==
                                                                                                                                                                                                                                                                                              Age: 170729
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC15665INData Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 6d 6f 64 75 6c 65 73 2e 33 30 35 38 37 39 64 39 64 35 65 39 36 32 38 38 61 37 66 34 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 3d 7b 34 37 38 38 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 64 28 74 2c 7b 73 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 72 7d 7d 29 3b 63 6f 6e 73 74 20 72 3d 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 7b 49 44 45 4e 54 49 46 59 5f 55 53 45 52 3a 22 69 64 65 6e 74 69 66 79 5f 75 73 65 72 22 2c 41 55 54 4f 54 41 47 5f 52 45 43 4f 52 44 49 4e 47 3a 22 61 75 74 6f 74 61 67 5f 72 65 63 6f
                                                                                                                                                                                                                                                                                              Data Ascii: /*! For license information please see modules.305879d9d5e96288a7f4.js.LICENSE.txt */!function(){var e={4788:function(e,t,n){"use strict";n.d(t,{s:function(){return r}});const r=Object.freeze({IDENTIFY_USER:"identify_user",AUTOTAG_RECORDING:"autotag_reco
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 29 3c 3d 65 7d 29 2c 22 69 64 65 6e 74 69 66 69 65 72 2e 63 6f 6d 70 61 72 65 52 61 74 69 6f 22 29 7d 2c 61 3d 6e 28 34 38 30 38 29 2c 73 3d 5b 22 61 66 22 2c 22 61 72 22 2c 22 62 67 22 2c 22 63 61 22 2c 22 63 73 22 2c 22 63 79 22 2c 22 64 61 22 2c 22 64 65 22 2c 22 65 6c 22 2c 22 65 6e 22 2c 22 65 73 22 2c 22 65 74 22 2c 22 66 61 22 2c 22 66 69 22 2c 22 66 72 22 2c 22 68 65 22 2c 22 68 72 22 2c 22 68 75 22 2c 22 69 64 22 2c 22 69 74 22 2c 22 6a 61 22 2c 22 6b 6f 22 2c 22 6c 74 22 2c 22 6c 76 22 2c 22 6d 69 73 22 2c 22 6e 62 22 2c 22 6e 6c 22 2c 22 70 6c 22 2c 22 70 74 5f 42 52 22 2c 22 70 74 22 2c 22 72 6f 22 2c 22 72 75 22 2c 22 73 6b 22 2c 22 73 6c 22 2c 22 73 71 22 2c 22 73 72 22 2c 22 73 76 22 2c 22 73 77 22 2c 22 74 68 22 2c 22 74 6c 22 2c 22 74 72
                                                                                                                                                                                                                                                                                              Data Ascii: )<=e}),"identifier.compareRatio")},a=n(4808),s=["af","ar","bg","ca","cs","cy","da","de","el","en","es","et","fa","fi","fr","he","hr","hu","id","it","ja","ko","lt","lv","mis","nb","nl","pl","pt_BR","pt","ro","ru","sk","sl","sq","sr","sv","sw","th","tl","tr
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 65 74 74 69 6e 67 73 2e 73 69 74 65 5f 69 64 2c 22 2f 70 6f 6c 6c 2f 22 29 2e 63 6f 6e 63 61 74 28 74 2c 22 2f 72 65 73 70 6f 6e 73 65 2f 22 29 2e 63 6f 6e 63 61 74 28 61 29 2c 6e 2c 6f 2c 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 65 2e 69 73 5f 6e 65 77 5f 72 65 73 70 6f 6e 73 65 26 26 68 6a 2e 65 76 65 6e 74 2e 73 69 67 6e 61 6c 28 22 70 6f 6c 6c 2e 73 65 6e 64 22 2c 7b 69 64 3a 74 2c 72 65 73 70 6f 6e 73 65 5f 69 64 3a 65 2e 70 6f 6c 6c 5f 72 65 73 70 6f 6e 73 65 5f 69 64 7d 29 2c 6e 75 6c 6c 3d 3d 69 7c 7c 69 28 65 29 7d 29 29 7d 29 2c 22 64 61 74 61 22 29 2c 74 2e 63 6f 6d 70 6c 65 74 65 50 6f 6c 6c 52 65 73 70 6f 6e 73 65 3d 68 6a 2e 74 72 79 43 61 74 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 72 3d 68 6a 2e 77 69 64 67 65 74 2e
                                                                                                                                                                                                                                                                                              Data Ascii: ettings.site_id,"/poll/").concat(t,"/response/").concat(a),n,o,(function(e){e.is_new_response&&hj.event.signal("poll.send",{id:t,response_id:e.poll_response_id}),null==i||i(e)}))}),"data"),t.completePollResponse=hj.tryCatch((function(t,n){var r=hj.widget.
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 65 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 20 65 3b 76 61 72 20 74 3d 65 2e 63 68 61 72 41 74 28 30 29 3b 72 65 74 75 72 6e 2f 5c 64 2f 2e 74 65 73 74 28 74 29 3f 22 5c 5c 33 22 2b 74 2b 22 20 22 2b 65 2e 73 6c 69 63 65 28 31 29 3a 65 7d 2c 62 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 7c 7c 22 2d 22 21 3d 3d 65 2e 63 68 61 72 41 74 28 30 29 29 72 65 74 75 72 6e 20 65 3b 76 61 72 20 74 3d 65 2e 63 68 61 72 41 74 28 30 29 2c 6e 3d 65 2e 63 68 61 72 41 74 28 31 29 3b 72 65 74 75 72 6e 2f 5c 64 2f 2e 74 65 73 74 28 6e 29 3f 74 2b 22 5c 5c 33 22 2b 6e 2b 22 20 22 2b 65 2e 73 6c 69 63 65 28 32 29 3a 65 7d 2c 77 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6c 65 6e 67 74 68 26 26 22 2d 22 3d 3d 3d 65 7d 2c 53 3d 66
                                                                                                                                                                                                                                                                                              Data Ascii: e){if(!e)return e;var t=e.charAt(0);return/\d/.test(t)?"\\3"+t+" "+e.slice(1):e},b=function(e){if(!e||"-"!==e.charAt(0))return e;var t=e.charAt(0),n=e.charAt(1);return/\d/.test(n)?t+"\\3"+n+" "+e.slice(2):e},w=function(e){return 1===e.length&&"-"===e},S=f
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 74 69 61 6c 69 7a 65 64 28 29 29 3b 76 61 72 20 6f 3d 42 2e 79 2e 67 65 74 28 22 74 61 67 73 54 6f 50 72 6f 63 65 73 73 22 29 3b 6f 2e 6c 65 6e 67 74 68 26 26 28 28 30 2c 63 2e 4e 29 28 69 2e 73 2e 54 41 47 5f 52 45 43 4f 52 44 49 4e 47 2c 6f 2c 21 30 29 2e 66 6c 75 73 68 28 29 2c 42 2e 79 2e 73 65 74 28 22 74 61 67 73 54 6f 50 72 6f 63 65 73 73 22 2c 5b 5d 29 29 3b 76 61 72 20 6c 3d 42 2e 79 2e 67 65 74 28 22 61 75 74 6f 54 61 67 73 54 6f 50 72 6f 63 65 73 73 22 29 3b 6c 2e 6c 65 6e 67 74 68 26 26 28 28 30 2c 63 2e 4e 29 28 69 2e 73 2e 41 55 54 4f 54 41 47 5f 52 45 43 4f 52 44 49 4e 47 2c 6c 2c 21 30 29 2e 66 6c 75 73 68 28 29 2c 42 2e 79 2e 73 65 74 28 22 61 75 74 6f 54 61 67 73 54 6f 50 72 6f 63 65 73 73 22 2c 5b 5d 29 29 2c 68 6a 2e 73 65 74 74 69 6e
                                                                                                                                                                                                                                                                                              Data Ascii: tialized());var o=B.y.get("tagsToProcess");o.length&&((0,c.N)(i.s.TAG_RECORDING,o,!0).flush(),B.y.set("tagsToProcess",[]));var l=B.y.get("autoTagsToProcess");l.length&&((0,c.N)(i.s.AUTOTAG_RECORDING,l,!0).flush(),B.y.set("autoTagsToProcess",[])),hj.settin
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 6e 2e 61 74 74 72 69 62 75 74 65 73 3d 21 30 2c 6e 2e 61 74 74 72 69 62 75 74 65 4f 6c 64 56 61 6c 75 65 73 3d 6e 2e 61 74 74 72 69 62 75 74 65 4f 6c 64 56 61 6c 75 65 73 7c 7c 7b 7d 2c 65 20 69 6e 20 6e 2e 61 74 74 72 69 62 75 74 65 4f 6c 64 56 61 6c 75 65 73 7c 7c 28 6e 2e 61 74 74 72 69 62 75 74 65 4f 6c 64 56 61 6c 75 65 73 5b 65 5d 3d 74 29 7d 29 2c 22 4e 6f 64 65 43 68 61 6e 67 65 2e 61 74 74 72 69 62 75 74 65 4d 75 74 61 74 65 64 22 29 2c 74 68 69 73 2e 63 68 61 72 61 63 74 65 72 44 61 74 61 4d 75 74 61 74 65 64 3d 68 6a 2e 74 72 79 43 61 74 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 6e 2e 63 68 61 72 61 63 74 65 72 44 61 74 61 7c 7c 28 6e 2e 63 68 61 72 61 63 74 65 72 44 61 74 61 3d 21 30 2c 6e 2e 63 68 61
                                                                                                                                                                                                                                                                                              Data Ascii: nction(e,t){n.attributes=!0,n.attributeOldValues=n.attributeOldValues||{},e in n.attributeOldValues||(n.attributeOldValues[e]=t)}),"NodeChange.attributeMutated"),this.characterDataMutated=hj.tryCatch((function(e){n.characterData||(n.characterData=!0,n.cha
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 65 2e 6b 65 79 73 28 29 3b 6e 2e 6c 65 6e 67 74 68 3b 29 7b 66 6f 72 28 76 61 72 20 72 3d 6e 5b 30 5d 3b 72 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 26 26 65 2e 68 61 73 28 72 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 29 3b 29 72 3d 72 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 3b 66 6f 72 28 3b 72 26 26 65 2e 68 61 73 28 72 29 3b 29 7b 76 61 72 20 69 3d 6f 2e 73 65 72 69 61 6c 69 7a 65 4e 6f 64 65 28 72 29 3b 72 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 26 26 28 69 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 3d 6f 2e 73 65 72 69 61 6c 69 7a 65 4e 6f 64 65 28 72 2e 70 72 65 76 69 6f 75 73 53 69 62 6c 69 6e 67 29 29 3b 76 61 72 20 73 3d 72 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 76 6f 69
                                                                                                                                                                                                                                                                                              Data Ascii: e){for(var t,n=e.keys();n.length;){for(var r=n[0];r.previousSibling&&e.has(r.previousSibling);)r=r.previousSibling;for(;r&&e.has(r);){var i=o.serializeNode(r);r.previousSibling&&(i.previousSibling=o.serializeNode(r.previousSibling));var s=r.parentNode;voi
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 6f 6e 28 65 2c 74 2c 6e 29 7b 6e 28 35 34 32 29 2c 6e 28 32 31 39 29 2c 6e 28 32 38 39 29 2c 6e 28 36 33 32 36 29 7d 2c 35 34 32 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 6e 2e 72 28 74 29 3b 76 61 72 20 72 3d 6e 28 35 35 34 37 29 3b 68 6a 2e 74 72 79 43 61 74 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 68 6a 2e 69 6e 73 65 72 74 65 64 52 75 6c 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 65 2c 74 3d 7b 7d 2c 6e 3d 5b 5d 2c 6f 3d 21 31 2c 69 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 2c 72 2c 6f 29 7b 76 61 72 20 69 2c 61 3d 7b 7d 3b 72 65 74 75 72 6e 20 61 2e 69 73 4f 6e 44 6f 63 75 6d 65 6e 74 3d 6f 2c 61 2e 72 75 6c 65 3d 74 2c 61 2e 69 6e 64 65 78 3d 6e 2c 61 2e 70 61 72 65 6e 74 53 65 6c 65
                                                                                                                                                                                                                                                                                              Data Ascii: on(e,t,n){n(542),n(219),n(289),n(6326)},542:function(e,t,n){"use strict";n.r(t);var r=n(5547);hj.tryCatch((function(){hj.insertedRules=function(){var e,t={},n=[],o=!1,i=function(e,t,n,r,o){var i,a={};return a.isOnDocument=o,a.rule=t,a.index=n,a.parentSele
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 6f 3b 69 66 28 68 6a 2e 69 73 50 72 65 76 69 65 77 29 72 65 74 75 72 6e 20 53 3b 69 66 28 22 6f 62 6a 65 63 74 22 3d 3d 3d 62 28 65 29 29 72 65 74 75 72 6e 20 68 6a 2e 68 71 2e 65 61 63 68 28 65 2c 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 53 2e 77 72 69 74 65 28 65 2c 74 2c 21 30 2c 72 29 7d 29 29 2c 53 3b 76 61 72 20 69 3d 65 3b 69 66 28 21 72 26 26 21 53 2e 5f 77 73 2e 63 6f 6e 6e 65 63 74 28 29 29 7b 69 66 28 21 53 2e 5f 77 73 2e 73 65 73 73 69 6f 6e 54 69 6d 65 64 4f 75 74 44 75 65 54 6f 49 6e 61 63 74 69 76 69 74 79 7c 7c 21 43 28 69 29 29 72 65 74 75 72 6e 20 53 3b 53 2e 5f 77 73 3d 6e 65 77 20 79 28 53 2e 66 6c 75 73 68 29 2c 68 6a 2e 5f 69 6e 69 74 2e 72 65 69 6e 69 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 2c 21 30 29
                                                                                                                                                                                                                                                                                              Data Ascii: o;if(hj.isPreview)return S;if("object"===b(e))return hj.hq.each(e,(function(e,t){S.write(e,t,!0,r)})),S;var i=e;if(!r&&!S._ws.connect()){if(!S._ws.sessionTimedOutDueToInactivity||!C(i))return S;S._ws=new y(S.flush),hj._init.reinit(window.location.href,!0)
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC16384INData Raw: 65 74 54 69 6d 65 6f 75 74 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 65 28 29 2c 68 6a 2e 73 74 6f 72 65 2e 73 65 73 73 69 6f 6e 2e 73 65 74 28 22 73 65 73 73 69 6f 6e 22 2c 6e 75 6c 6c 29 2c 68 6a 2e 65 76 65 6e 74 53 74 72 65 61 6d 2e 63 6c 6f 73 65 28 29 2c 68 6a 2e 6d 65 74 72 69 63 73 2e 63 6f 75 6e 74 28 22 73 65 73 73 69 6f 6e 2d 69 6e 74 65 72 72 75 70 74 69 6f 6e 22 2c 7b 74 61 67 3a 7b 72 65 61 73 6f 6e 3a 22 74 6f 6f 2d 6c 6f 6e 67 22 7d 7d 29 7d 63 61 74 63 68 28 65 29 7b 73 28 65 2c 22 63 6c 65 61 72 2d 63 6f 6f 6b 69 65 22 29 7d 7d 29 2c 6f 29 7d 72 65 74 75 72 6e 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 6e 26 26 72 2e 66 5f 2e 6e 6f 77 28 29 3e 3d 6e 2b 69 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 73 28 65 2c 22
                                                                                                                                                                                                                                                                                              Data Ascii: etTimeout((function(){try{e(),hj.store.session.set("session",null),hj.eventStream.close(),hj.metrics.count("session-interruption",{tag:{reason:"too-long"}})}catch(e){s(e,"clear-cookie")}}),o)}return"number"==typeof n&&r.f_.now()>=n+i}catch(e){return s(e,"


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              80192.168.11.205616052.85.132.1154432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC664OUTPOST /563151391133/pageInfo HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.mczbf.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 878
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC878OUTData Raw: 69 64 3d 62 39 38 66 38 37 62 30 2d 65 62 39 37 2d 34 63 61 35 2d 38 65 33 64 2d 62 65 39 38 32 63 61 36 31 35 61 34 26 66 75 6c 6c 52 65 66 65 72 72 65 72 55 72 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 77 77 77 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 25 32 46 6b 6e 6f 77 6c 65 64 67 65 25 32 46 63 63 6c 65 61 6e 65 72 2d 76 36 2d 32 34 2d 31 31 30 36 30 25 33 46 63 76 25 33 44 76 36 2d 32 34 2d 31 31 30 36 30 26 70 61 79 6c 6f 61 64 3d 25 37 42 25 32 32 73 69 74 65 50 61 67 65 25 32 32 25 33 41 25 37 42 25 32 32 65 6e 74 65 72 70 72 69 73 65 49 64 25 32 32 25 33 41 25 32 32 31 35 36 34 34 37 32 25 32 32 25 37 44 25 37 44 26 70 61 72 74 6e 65 72 73 68 69 70 73 3d 25 37 42 25 32 32 6c 69 76 65 52 61 6d 70 25 32 32 25 33 41 25 37 42 25 32 32 69 73 43
                                                                                                                                                                                                                                                                                              Data Ascii: id=b98f87b0-eb97-4ca5-8e3d-be982ca615a4&fullReferrerUrl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&payload=%7B%22sitePage%22%3A%7B%22enterpriseId%22%3A%221564472%22%7D%7D&partnerships=%7B%22liveRamp%22%3A%7B%22isC
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC641INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: image/png
                                                                                                                                                                                                                                                                                              Content-Length: 68
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              X-Request-ID: b85c9c16-1b5d-11ef-bda1-4123a2a3555a
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Set-Cookie: cjUser=5352b045-6480-4ed4-a136-8966549712c0; Expires=Wed, 25 Jun 2025 12:44:41 GMT; Domain=.mczbf.com; Path=/; Secure; SameSite=None; $x-enc=URI_ENCODING
                                                                                                                                                                                                                                                                                              Cache-Control: no-store
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow
                                                                                                                                                                                                                                                                                              X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 966a4e45512437c14125c564c492a2d6.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD50-C2
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: Vm6zvdLhdi-XmaUncTLv8D7ffhT5BbI5a-N2rFEyJATq6k_m2-nBkA==
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC68INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 08 04 00 00 00 b5 1c 0c 02 00 00 00 0b 49 44 41 54 78 da 63 64 60 00 00 00 06 00 02 30 81 d0 2f 00 00 00 00 49 45 4e 44 ae 42 60 82
                                                                                                                                                                                                                                                                                              Data Ascii: PNGIHDRIDATxcd`0/IENDB`


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              81192.168.11.2056586104.244.42.1334432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC968OUTGET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: t.co
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC551INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:40 GMT
                                                                                                                                                                                                                                                                                              perf: 7402827104
                                                                                                                                                                                                                                                                                              server: tsa_b
                                                                                                                                                                                                                                                                                              set-cookie: muc_ads=e19bec48-9054-4abd-8981-ab333a768a90; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:41 GMT; Path=/; Domain=t.co; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              x-transaction-id: 963fefde024fc254
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=0
                                                                                                                                                                                                                                                                                              x-response-time: 7
                                                                                                                                                                                                                                                                                              x-connection-hash: 0e07a0aebea762d96ff3ac902886b8760c94035ea2e157a9e9ac526791e92590
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 09 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              82192.168.11.205067534.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 273
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC273OUTData Raw: 0a 8e 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 50 0a 03 3b 09 01 10 e6 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 2a 08 fc 44 12 0e 0a 0a 47 61 6d 65 72 53 63 6f 72 65 10 02 12 15 0a 11 47 61 6d 65 72 53 63 6f 72 65 56 65 72 73 69 6f 6e 10 04 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557P;HealthCheckNF1(Z*DGamerScoreGamerScoreVersion`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              83192.168.11.205067035.244.154.84432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC638OUTGET /711037.gif?partner_uid=5352b045-6480-4ed4-a136-8966549712c0 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: idsync.rlcdn.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC735INHTTP/1.1 307 Temporary Redirect
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              Location: https://idsync.rlcdn.com/1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDUzNTJiMDQ1LTY0ODAtNGVkNC1hMTM2LTg5NjY1NDk3MTJjMBAAGg0Iud3MsgYSBQjoBxAAQgBKAA
                                                                                                                                                                                                                                                                                              P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
                                                                                                                                                                                                                                                                                              Set-Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; Path=/; Domain=rlcdn.com; Expires=Mon, 26 May 2025 12:44:41 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: pxrc=CAA=; Path=/; Domain=rlcdn.com; Expires=Thu, 25 Jul 2024 12:44:41 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              84192.168.11.205239464.202.112.954432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC864OUTPOST /unifiedPixel?optOut=true&bust=006957711953714307&referrer=&cht=ot&marketerId=001ac0827d67b7b38319c9517e7fa2f4cc&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&g=1&obApiVersion=1.1&obtpVersion=2.0.5 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: tr.outbrain.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC459INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif;
                                                                                                                                                                                                                                                                                              Content-Length: 53
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Methods: GET, POST
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: Content-Type, Authorization
                                                                                                                                                                                                                                                                                              X-TraceId: 0c7aee5bd0e37c5f1d84e4ffc9e21cf5
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC53INData Raw: 47 49 46 38 39 61 01 00 01 00 ef bf bd 00 00 00 00 00 ef bf bd ef bf bd ef bf bd 21 ef bf bd 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 40 02 02 44 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,@D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              85192.168.11.206125063.140.39.934432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC2327OUTGET /b/ss/symanteccom/1/JS-2.22.0-LDQM/s65133898573217?AQB=1&ndh=1&pf=1&t=26%2F4%2F2024%208%3A44%3A39%200%20240&mid=12586703185176664232105342814118163955&aamlh=7&ce=UTF-8&pageName=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&g=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cc=USD&server=norton&events=event69&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c2=us&c3=en&c8=D%3Dv163&c14=D%3Dv16&v18=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060&v21=D%3Dc21&v27=D%3Dc2&v28=D%3Dc3&c35=D%3DpageName&c41=ccleaner&v41=D%3Dc41&c46=html&c47=page&v47=s_code_norton%202024-04-17&c48=CCleaner%20v6.24.11060&v48=D%3Dc49&c49=knowledge&v49=D%3Dc48&v57=12586703185176664232105342814118163955&c59=ccleaner%3Aknowledge%3Accleaner-v6-24-11060&v59=D%3Dc59&v72=ccleaner&c75=D%3Dv57&v96=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060&v164=ccleaner%3A999_a&s=1920x1080&c=24&j=1.6&v=N&k=Y&bw=1920&bh=969&mcorgid=67C716D751E567F70A490D4C%40AdobeOrg&AQE=1 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: oms.ccleaner.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: avstperm=C0001%3A0%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0%2CC0005%3A0; sourceCodeCookie=999_a8e||source=direct|medium=(none)|campaign=(not set)|segmentCode=a; __trSrc=999_a8e; sdl_cid=748901336.1716727479; _gcl_au=1.1.1566402970.1716727479; __srcCookie=007_z8e||source=(Other)|medium=(none)|campaign=(not set)|segmentCode=z; pglpid=undefined; AMCVS_67C716D751E567F70A490D4C%40AdobeOrg=1; AMCV_67C716D751E567F70A490D4C%40AdobeOrg=179643557%7CMCIDTS%7C19870%7CMCMID%7C12586703185176664232105342814118163955%7CMCAAMLH-1717332278%7C7%7CMCAAMB-1717332278%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1716734678s%7CNONE%7CvVersion%7C5.5.0; s_nr=1716727479272-New; event69=event69; channelStack=s_eVar72~ccleaner; s_tbm=true; s_gpv=ccleaner%3Aus%3Aknowledge%3Accleaner-v6-24-11060; s_gpv_custom=ccleaner%3Aknowledge%3Accleaner-v6-24-11060; s_cc=true; cjConsent=MHxOfDB8Tnww; cjUser=5352b045-6480-4ed4-a136-8966549712c0; cjLiveRampLastCall=2024-05-26T12:44:39.547Z
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC574INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              access-control-allow-origin: *
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              expires: Sat, 25 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              last-modified: Mon, 27 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              pragma: no-cache
                                                                                                                                                                                                                                                                                              p3p: CP="This is not a P3P policy"
                                                                                                                                                                                                                                                                                              server: jag
                                                                                                                                                                                                                                                                                              etag: 3686644193574649856-4618564820143910550
                                                                                                                                                                                                                                                                                              vary: *
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0, no-transform, private
                                                                                                                                                                                                                                                                                              x-xss-protection: 1; mode=block
                                                                                                                                                                                                                                                                                              x-content-type-options: nosniff
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC43INData Raw: 47 49 46 38 39 61 02 00 02 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 02 00 02 00 00 02 02 84 51 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,Q;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              86192.168.11.205109669.147.92.124432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC360OUTGET /wi/config/10180940.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: s.yimg.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC878INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              x-amz-id-2: Va5YRg6IccWB69bQfCFconG4C4N1uHho1suMQLqGP3KGy7Qr9E7rtvTfIEQ2RN3JGt4KlHh00gk=
                                                                                                                                                                                                                                                                                              x-amz-request-id: WJRM334XSS4BEQ67
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 11:55:04 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Sun, 26 May 2024 11:35:42 GMT
                                                                                                                                                                                                                                                                                              x-amz-expiration: expiry-date="Tue, 01 Jul 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
                                                                                                                                                                                                                                                                                              x-amz-server-side-encryption: AES256
                                                                                                                                                                                                                                                                                              x-amz-version-id: pVfBsQg.8xo0NXDKQ7bgdIHmg37OwqTA
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Server: ATS
                                                                                                                                                                                                                                                                                              Content-Length: 46
                                                                                                                                                                                                                                                                                              Referrer-Policy: no-referrer-when-downgrade
                                                                                                                                                                                                                                                                                              Vary: Origin
                                                                                                                                                                                                                                                                                              Etag: "5df7dee99a3ff0ef853b4c1a7e8a6f34"
                                                                                                                                                                                                                                                                                              Age: 2978
                                                                                                                                                                                                                                                                                              ATS-Carp-Promotion: 1
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                              Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC46INData Raw: 7b 22 70 69 78 65 6c 49 64 22 3a 31 30 31 38 30 39 34 30 2c 22 75 73 65 31 73 74 50 61 72 74 79 43 6f 6f 6b 69 65 73 22 3a 74 72 75 65 7d
                                                                                                                                                                                                                                                                                              Data Ascii: {"pixelId":10180940,"use1stPartyCookies":true}


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              87192.168.11.205952054.146.244.2284432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC476OUTGET /ibs:dpid=411&dpuuid=ZlMuuAAAALyDAwN_ HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dpm.demdex.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: demdex=12420529992577389502124774616857229634; dpm=12420529992577389502124774616857229634
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC889INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TID: 3uRkjb57S7w=
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                                                                                                                                                                                                                                                              P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              DCS: dcs-prod-va6-1-v060-05a56d0b5.edge-va6.demdex.com 2 ms
                                                                                                                                                                                                                                                                                              set-cookie: dpm=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:41 GMT; Path=/; Domain=.dpm.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              set-cookie: demdex=12420529992577389502124774616857229634; Max-Age=15552000; Expires=Fri, 22 Nov 2024 12:44:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              88192.168.11.205109734.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 578
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC578OUTData Raw: 0a bf 04 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 80 03 0a 03 3b 03 01 10 e8 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a d9 02 0a 07 53 74 61 72 74 75 70 12 08 67 75 69 20 6f 70 65 6e 1a 16 63 63 6c 65 61 6e 65 72 20 73 74 61 72 74 75 70 20 65 76 65 6e 74 20 00 28 01 32 0a 08 80 f7 c9 b2 06 10 02 18 01 42 84 02 08 00 10 00 1a 03 31 2d 61 22 11 0a 0b 41 75 74 6f 55 70 64 61 74 65 73 12 02 6f 6e 22 0d 0a 07 49 73 41 64 6d 69 6e 12 02 6f 6e 22
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZStartupgui openccleaner startup event (2B1-a"AutoUpdateson"IsAdminon"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              89192.168.11.205608452.85.132.1154432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC361OUTGET /563151391133/pageInfo HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.mczbf.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC399INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              X-Request-ID: b8aa6dea-1b5d-11ef-a7d6-6f1c9f83bec2
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              X-Robots-Tag: noindex, nofollow
                                                                                                                                                                                                                                                                                              X-Cache: Error from cloudfront
                                                                                                                                                                                                                                                                                              Via: 1.1 2b74e5ee4d30afba8f9df9907896c5f4.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Pop: IAD50-C2
                                                                                                                                                                                                                                                                                              X-Amz-Cf-Id: OHxWGAAPLFQJTnKIYzjmRHJl0aiW2o2qH6oQ8ADXPR3IovEISawaXA==


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              90192.168.11.2065510104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC433OUTGET /consent/831b8ee0-e952-49a5-af6b-01382c722774/508b8439-6d82-43c5-aed5-156f03a3876f/en.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC902INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              CF-Ray: 889ddba8b85528c4-IAD
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Age: 27095
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=86400
                                                                                                                                                                                                                                                                                              Expires: Mon, 27 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Last-Modified: Mon, 20 Jun 2022 08:17:11 GMT
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Content-MD5: i0ofUXVu/TqOH4J3xgmSUw==
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-request-id: b6b78056-f01e-0066-7e4f-7976a3000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC467INData Raw: 32 36 38 33 0d 0a 7b 22 44 6f 6d 61 69 6e 44 61 74 61 22 3a 7b 22 70 63 6c 69 66 65 53 70 61 6e 59 72 22 3a 22 59 65 61 72 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 59 72 73 22 3a 22 59 65 61 72 73 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 53 65 63 73 22 3a 22 41 20 66 65 77 20 73 65 63 6f 6e 64 73 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 57 6b 22 3a 22 57 65 65 6b 22 2c 22 70 63 6c 69 66 65 53 70 61 6e 57 6b 73 22 3a 22 57 65 65 6b 73 22 2c 22 70 63 63 6c 6f 73 65 42 75 74 74 6f 6e 54 79 70 65 22 3a 22 49 63 6f 6e 22 2c 22 70 63 63 6f 6e 74 69 6e 75 65 57 69 74 68 6f 75 74 41 63 63 65 70 74 54 65 78 74 22 3a 22 43 6f 6e 74 69 6e 75 65 20 77 69 74 68 6f 75 74 20 41 63 63 65 70 74 69 6e 67 22 2c 22 63 63 74 49 64 22 3a 22 38 33 31 62 38 65 65 30 2d 65 39 35 32 2d
                                                                                                                                                                                                                                                                                              Data Ascii: 2683{"DomainData":{"pclifeSpanYr":"Year","pclifeSpanYrs":"Years","pclifeSpanSecs":"A few seconds","pclifeSpanWk":"Week","pclifeSpanWks":"Weeks","pccloseButtonType":"Icon","pccontinueWithoutAcceptText":"Continue without Accepting","cctId":"831b8ee0-e952-
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 64 20 65 6e 61 62 6c 65 20 75 73 20 74 6f 20 73 68 6f 77 20 72 65 6c 65 76 61 6e 74 20 6d 61 72 6b 65 74 69 6e 67 20 63 6f 6e 74 65 6e 74 2e 20 59 6f 75 20 63 61 6e 20 6d 61 6e 61 67 65 20 63 6f 6f 6b 69 65 20 73 65 74 74 69 6e 67 73 20 62 65 6c 6f 77 2e 20 42 79 20 63 6c 69 63 6b 69 6e 67 20 e2 80 9c 43 6f 6e 66 69 72 6d 20 53 65 6c 65 63 74 69 6f 6e e2 80 9d 20 79 6f 75 20 61 67 72 65 65 20 77 69 74 68 20 74 68 65 20 63 75 72 72 65 6e 74 20 73 65 74 74 69 6e 67 73 2e 20 53 65 65 22 2c 22 41 62 6f 75 74 54 65 78 74 22 3a 22 43 6f 6f 6b 69 65 73 20 70 6f 6c 69 63 79 22 2c 22 41 62 6f 75 74 43 6f 6f 6b 69 65 73 54 65 78 74 22 3a 22 59 6f 75 72 20 50 72 69 76 61 63 79 22 2c 22 43 6f 6e 66 69 72 6d 54 65 78 74 22 3a 22 41 63 63 65 70 74 20 41 6c 6c 22 2c 22
                                                                                                                                                                                                                                                                                              Data Ascii: d enable us to show relevant marketing content. You can manage cookie settings below. By clicking Confirm Selection you agree with the current settings. See","AboutText":"Cookies policy","AboutCookiesText":"Your Privacy","ConfirmText":"Accept All","
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 78 74 22 3a 22 4c 69 73 74 20 6f 66 20 49 41 42 20 56 65 6e 64 6f 72 73 22 2c 22 54 68 69 72 64 50 61 72 74 79 43 6f 6f 6b 69 65 4c 69 73 74 54 65 78 74 22 3a 22 43 6f 6f 6b 69 65 73 20 44 65 74 61 69 6c 73 22 2c 22 50 72 65 66 65 72 65 6e 63 65 43 65 6e 74 65 72 4d 61 6e 61 67 65 50 72 65 66 65 72 65 6e 63 65 73 54 65 78 74 22 3a 22 20 4d 61 6e 61 67 65 20 43 6f 6e 73 65 6e 74 20 50 72 65 66 65 72 65 6e 63 65 73 22 2c 22 50 72 65 66 65 72 65 6e 63 65 43 65 6e 74 65 72 4d 6f 72 65 49 6e 66 6f 53 63 72 65 65 6e 52 65 61 64 65 72 22 3a 22 4f 70 65 6e 73 20 69 6e 20 61 20 6e 65 77 20 54 61 62 22 2c 22 43 6f 6f 6b 69 65 4c 69 73 74 54 69 74 6c 65 22 3a 22 43 6f 6f 6b 69 65 20 4c 69 73 74 22 2c 22 43 6f 6f 6b 69 65 4c 69 73 74 44 65 73 63 72 69 70 74 69 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: xt":"List of IAB Vendors","ThirdPartyCookieListText":"Cookies Details","PreferenceCenterManagePreferencesText":" Manage Consent Preferences","PreferenceCenterMoreInfoScreenReader":"Opens in a new Tab","CookieListTitle":"Cookie List","CookieListDescription
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 20 74 6f 20 73 65 63 75 72 65 20 61 72 65 61 73 20 6f 66 20 74 68 65 20 77 65 62 73 69 74 65 2e 20 54 68 65 20 77 65 62 73 69 74 65 20 63 61 6e 6e 6f 74 20 66 75 6e 63 74 69 6f 6e 20 70 72 6f 70 65 72 6c 79 20 77 69 74 68 6f 75 74 20 74 68 65 73 65 20 63 6f 6f 6b 69 65 73 2e 22 2c 22 47 72 6f 75 70 4e 61 6d 65 4d 6f 62 69 6c 65 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 47 72 6f 75 70 4e 61 6d 65 4f 54 54 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 47 72 6f 75 70 4e 61 6d 65 22 3a 22 4e 65 63 65 73 73 61 72 79 20 63 6f 6f 6b 69 65 73 22 2c 22 49 73 49 61 62 50 75 72 70 6f 73 65 22 3a 66 61 6c 73 65 2c 22 47 65 6e 65 72 61 6c 56 65 6e 64 6f 72 73 49 64 73 22 3a 5b 5d 2c 22 46 69 72 73 74 50 61 72 74 79 43
                                                                                                                                                                                                                                                                                              Data Ascii: to secure areas of the website. The website cannot function properly without these cookies.","GroupNameMobile":"Necessary cookies","GroupNameOTT":"Necessary cookies","GroupName":"Necessary cookies","IsIabPurpose":false,"GeneralVendorsIds":[],"FirstPartyC
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 2c 22 69 64 22 3a 22 63 38 39 38 35 65 61 62 2d 66 66 64 30 2d 34 61 30 34 2d 38 63 65 66 2d 66 64 32 63 37 33 31 65 64 31 32 61 22 2c 22 4e 61 6d 65 22 3a 22 5f 63 63 5f 6c 61 6e 67 43 68 6f 69 63 65 22 2c 22 48 6f 73 74 22 3a 22 77 77 77 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 33 36 34 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 44 75 72 61 74 69 6f 6e 54 79 70 65 22 3a 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 6e 75 6c 6c 2c 22 69 73 54 68 69 72 64 50 61 72 74 79 22 3a 66 61 6c 73 65 7d 2c 7b 22 74 68 69 72 64 50 61 72 74 79 44 65 73 63 72 69 70 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 70 61 74 74 65 72 6e 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50
                                                                                                                                                                                                                                                                                              Data Ascii: ,"id":"c8985eab-ffd0-4a04-8cef-fd2c731ed12a","Name":"_cc_langChoice","Host":"www.ccleaner.com","IsSession":false,"Length":"364","description":"","DurationType":1,"category":null,"isThirdParty":false},{"thirdPartyDescription":null,"patternKey":null,"thirdP
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 77 77 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 74 72 75 65 2c 22 4c 65 6e 67 74 68 22 3a 22 30 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 73 65 74 20 62 79 20 77 65 62 73 69 74 65 73 20 72 75 6e 20 6f 6e 20 74 68 65 20 57 69 6e 64 6f 77 73 20 41 7a 75 72 65 20 63 6c 6f 75 64 20 70 6c 61 74 66 6f 72 6d 2e 20 49 74 20 69 73 20 75 73 65 64 20 66 6f 72 20 6c 6f 61 64 20 62 61 6c 61 6e 63 69 6e 67 20 74 6f 20 6d 61 6b 65 20 73 75 72 65 20 74 68 65 20 76 69 73 69 74 6f 72 20 70 61 67 65 20 72 65 71 75 65 73 74 73 20 61 72 65 20 72 6f 75 74 65 64 20 74 6f 20 74 68 65 20 73 61 6d 65 20 73 65 72 76 65 72 20 69 6e 20 61 6e 79 20 62 72 6f 77 73 69 6e 67 20 73 65 73 73 69 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ww.ccleaner.com","IsSession":true,"Length":"0","description":"This cookie is set by websites run on the Windows Azure cloud platform. It is used for load balancing to make sure the visitor page requests are routed to the same server in any browsing sessio
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50 61 72 74 79 4b 65 79 22 3a 22 22 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 22 43 6f 6f 6b 69 65 4f 70 74 61 6e 6f 6e 41 6c 65 72 74 42 6f 78 43 6c 6f 73 65 64 22 2c 22 69 64 22 3a 22 33 36 65 33 33 32 31 30 2d 36 64 30 36 2d 34 63 34 63 2d 38 38 66 66 2d 66 62 37 64 31 31 37 39 39 64 61 35 22 2c 22 4e 61 6d 65 22 3a 22 4f 70 74 61 6e 6f 6e 41 6c 65 72 74 42 6f 78 43 6c 6f 73 65 64 22 2c 22 48 6f 73 74 22 3a 22 73 65 63 75 72 65 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 33 36 34 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 73 65 74 20 62 79 20 77 65 62 73 69 74
                                                                                                                                                                                                                                                                                              Data Ascii: Key":null,"thirdPartyKey":"","firstPartyKey":"CookieOptanonAlertBoxClosed","id":"36e33210-6d06-4c4c-88ff-fb7d11799da5","Name":"OptanonAlertBoxClosed","Host":"secure.ccleaner.com","IsSession":false,"Length":"364","description":"This cookie is set by websit
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1186INData Raw: 67 74 6d 5f 55 41 2d 22 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 22 50 61 74 74 65 72 6e 7c 5f 64 63 5f 67 74 6d 5f 55 41 2d 22 2c 22 69 64 22 3a 22 65 61 31 38 39 31 66 63 2d 33 30 34 39 2d 34 62 66 34 2d 61 32 61 37 2d 63 66 66 37 35 33 39 34 38 37 36 36 22 2c 22 4e 61 6d 65 22 3a 22 5f 64 63 5f 67 74 6d 5f 55 41 2d 78 78 78 78 78 78 78 78 22 2c 22 48 6f 73 74 22 3a 22 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 30 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 54 68 69 73 20 63 6f 6f 6b 69 65 20 69 73 20 61 73 73 6f 63 69 61 74 65 64 20 77 69 74 68 20 73 69 74 65 73 20 75 73 69 6e 67 20 47 6f 6f 67 6c 65 20 54 61 67 20 4d 61 6e 61 67 65 72 20 74 6f 20 6c 6f
                                                                                                                                                                                                                                                                                              Data Ascii: gtm_UA-","firstPartyKey":"Pattern|_dc_gtm_UA-","id":"ea1891fc-3049-4bf4-a2a7-cff753948766","Name":"_dc_gtm_UA-xxxxxxxx","Host":"ccleaner.com","IsSession":false,"Length":"0","description":"This cookie is associated with sites using Google Tag Manager to lo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 37 66 66 39 0d 0a 73 74 6f 72 65 73 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 61 62 6f 75 74 20 74 68 65 20 63 61 74 65 67 6f 72 69 65 73 20 6f 66 20 63 6f 6f 6b 69 65 73 20 74 68 65 20 73 69 74 65 20 75 73 65 73 20 61 6e 64 20 77 68 65 74 68 65 72 20 76 69 73 69 74 6f 72 73 20 68 61 76 65 20 67 69 76 65 6e 20 6f 72 20 77 69 74 68 64 72 61 77 6e 20 63 6f 6e 73 65 6e 74 20 66 6f 72 20 74 68 65 20 75 73 65 20 6f 66 20 65 61 63 68 20 63 61 74 65 67 6f 72 79 2e 20 54 68 69 73 20 65 6e 61 62 6c 65 73 20 73 69 74 65 20 6f 77 6e 65 72 73 20 74 6f 20 70 72 65 76 65 6e 74 20 63 6f 6f 6b 69 65 73 20 69 6e 20 65 61 63 68 20 63 61 74 65 67 6f 72 79 20 66 72 6f 6d 20 62 65 69 6e 67 20 73 65 74 20 69 6e 20 74 68 65 20 75 73 65 72 73 20 62 72 6f 77 73 65 72 2c 20 77 68 65
                                                                                                                                                                                                                                                                                              Data Ascii: 7ff9stores information about the categories of cookies the site uses and whether visitors have given or withdrawn consent for the use of each category. This enables site owners to prevent cookies in each category from being set in the users browser, whe
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 74 69 6f 6e 22 3a 6e 75 6c 6c 2c 22 70 61 74 74 65 72 6e 4b 65 79 22 3a 6e 75 6c 6c 2c 22 74 68 69 72 64 50 61 72 74 79 4b 65 79 22 3a 6e 75 6c 6c 2c 22 66 69 72 73 74 50 61 72 74 79 4b 65 79 22 3a 6e 75 6c 6c 2c 22 69 64 22 3a 22 33 34 63 33 61 64 62 38 2d 63 33 32 65 2d 34 66 39 34 2d 62 62 30 31 2d 66 38 66 39 63 35 63 63 36 34 61 64 22 2c 22 4e 61 6d 65 22 3a 22 70 75 72 6c 2d 38 30 39 30 35 22 2c 22 48 6f 73 74 22 3a 22 73 65 63 75 72 65 2e 63 63 6c 65 61 6e 65 72 2e 63 6f 6d 22 2c 22 49 73 53 65 73 73 69 6f 6e 22 3a 66 61 6c 73 65 2c 22 4c 65 6e 67 74 68 22 3a 22 31 22 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 22 2c 22 44 75 72 61 74 69 6f 6e 54 79 70 65 22 3a 31 2c 22 63 61 74 65 67 6f 72 79 22 3a 6e 75 6c 6c 2c 22 69 73 54 68 69 72 64 50 61
                                                                                                                                                                                                                                                                                              Data Ascii: tion":null,"patternKey":null,"thirdPartyKey":null,"firstPartyKey":null,"id":"34c3adb8-c32e-4f94-bb01-f8f9c5cc64ad","Name":"purl-80905","Host":"secure.ccleaner.com","IsSession":false,"Length":"1","description":"","DurationType":1,"category":null,"isThirdPa


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              91192.168.11.2054614104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC600OUTGET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC809INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: eB5KwLWtcYPmjc/KKwC/xQ==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:28:57 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: 4e3459e0-901e-0002-6c2c-24873b000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 57390
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddba8cf3b1777-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC560INData Raw: 32 35 32 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 6f 74 43 65 6e 74 65 72 52 6f 75 6e 64 65 64 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 68 74 6d 6c 22 3a 20 22 50 47 52 70 64 69 42 70 5a 44 30 69 62 32 35 6c 64 48 4a 31 63 33 51 74 59 6d 46 75 62 6d 56 79 4c 58 4e 6b 61 79 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 51 32 56 75 64 47 56 79 55 6d 39 31 62 6d 52 6c 5a 43 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 52 72 4c 57 4e 76 62 6e 52 68 61 57 35 6c 63 69 49 67 63 6d 39 73 5a 54 30 69 59 57 78 6c 63 6e 52 6b 61 57 46 73 62 32 63 69 49 47 46 79 61 57 45 74 5a 47 56 7a 59 33 4a 70 59 6d 56 6b 59 6e 6b 39 49 6d 39 75 5a 58
                                                                                                                                                                                                                                                                                              Data Ascii: 2523 { "name": "otCenterRounded", "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90Q2VudGVyUm91bmRlZCI+PGRpdiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciIgcm9sZT0iYWxlcnRkaWFsb2ciIGFyaWEtZGVzY3JpYmVkYnk9Im9uZX
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 30 61 58 52 73 5a 53 49 2b 56 47 6c 30 62 47 55 38 4c 32 67 79 50 6a 78 77 49 47 6c 6b 50 53 4a 76 62 6d 56 30 63 6e 56 7a 64 43 31 77 62 32 78 70 59 33 6b 74 64 47 56 34 64 43 49 2b 64 47 56 34 64 44 78 68 49 47 68 79 5a 57 59 39 49 69 4d 69 50 6e 42 76 62 47 6c 6a 65 54 77 76 59 54 34 38 4c 33 41 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 5a 48 42 6b 4c 57 4e 76 62 6e 52 68 61 57 35 6c 63 69 49 2b 50 47 67 7a 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6b 63 47 51 74 64 47 6c 30 62 47 55 69 50 6a 77 76 61 44 4d 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 5a 48 42 6b 4c 57 4e 76 62 6e 52 6c 62 6e 51 69 50 6a 78 77 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6b 63 47 51 74 5a 47 56 7a 59 79 49 2b 50 43 39 77 50 6a
                                                                                                                                                                                                                                                                                              Data Ascii: 0aXRsZSI+VGl0bGU8L2gyPjxwIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+dGV4dDxhIGhyZWY9IiMiPnBvbGljeTwvYT48L3A+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRhaW5lciI+PGgzIGNsYXNzPSJvdC1kcGQtdGl0bGUiPjwvaDM+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRlbnQiPjxwIGNsYXNzPSJvdC1kcGQtZGVzYyI+PC9wPj
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 64 6a 34 38 4c 32 52 70 64 6a 34 38 4c 32 52 70 64 6a 34 3d 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 63 73 73 22 3a 20 22 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 38 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 43 65 6e 74 65 72 52 6f 75 6e 64 65 64 7b 7a 2d 69 6e 64 65 78 3a 32 31 34 37 34 38 33 36 34 35 3b 74 6f 70 3a 31 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 72 69 67 68 74 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 77 69 64 74 68 3a 36 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 35 30 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 2e 35
                                                                                                                                                                                                                                                                                              Data Ascii: dj48L2Rpdj48L2Rpdj4=", "css": "#onetrust-banner-sdk{box-shadow:0 0 18px rgba(0,0,0,.2)}#onetrust-banner-sdk.otCenterRounded{z-index:2147483645;top:10%;position:fixed;right:0;background-color:#fff;width:60%;max-width:650px;border-radius:2.5
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 62 2d 61 64 64 6c 2d 64 65 73 63 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 7b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 33 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 3a 6e 6f 74 28 2e 68 61 73 2d 72 65 6a 65 63 74 2d 61 6c 6c 2d 62 75 74 74 6f
                                                                                                                                                                                                                                                                                              Data Ascii: adding:0;border:0;height:auto;width:auto}#onetrust-banner-sdk .ot-b-addl-desc{display:block}#onetrust-banner-sdk #onetrust-button-group-parent{padding:15px 30px;text-align:center}#onetrust-banner-sdk #onetrust-button-group-parent:not(.has-reject-all-butto
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 73 74 2d 70 63 2d 62 74 6e 2d 68 61 6e 64 6c 65 72 2e 63 6f 6f 6b 69 65 2d 73 65 74 74 69 6e 67 2d 6c 69 6e 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 68 61 73 2d 72 65 6a 65 63 74 2d 61 6c 6c 2d 62 75 74 74 6f 6e 20 2e 62 61 6e 6e 65 72 2d 61 63 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 78 2d 77 69 64 74 68 3a 36 30 25 3b 77 69 64 74 68 3a 61 75 74 6f 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 7b 77 69 64 74 68 3a 34 34 70 78 3b 68 65 69 67 68 74 3a 34 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 38 70
                                                                                                                                                                                                                                                                                              Data Ascii: st-pc-btn-handler.cookie-setting-link{text-align:left;margin-right:0}#onetrust-banner-sdk .has-reject-all-button .banner-actions-container{max-width:60%;width:auto}#onetrust-banner-sdk .ot-close-icon{width:44px;height:44px;background-size:12px;margin:-18p
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 3b 2d 6f 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 61 72 72 6f 77 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 36 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 36 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 36
                                                                                                                                                                                                                                                                                              Data Ascii: webkit-transition:all 300ms ease-in 0s;-moz-transition:all 300ms ease-in 0s;-o-transition:all 300ms ease-in 0s}#onetrust-banner-sdk .ot-arrow-container{display:inline-block;border-top:6px solid transparent;border-bottom:6px solid transparent;border-left:6
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6c 6f 73 65 2d 62 74 6e 2d 6c 69 6e 6b 20 23 6f 6e 65 74 72 75 73 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 63 6f 6e 74 61 69 6e 65 72 7b 74 6f 70 3a 31 35 70 78 3b 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 72 69 67 68 74 3a 31 35 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 6c 69 6e 6b 20 23 6f 6e 65 74 72 75 73 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 62 75 74 74 6f 6e 7b 70 61 64 64 69 6e 67 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 77 72 61 70 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 66 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: lose-btn-link #onetrust-close-btn-container{top:15px;transform:none;right:15px}#onetrust-banner-sdk.ot-close-btn-link #onetrust-close-btn-container button{padding:0;white-space:pre-wrap;border:none;height:auto;line-height:1.5;text-decoration:underline;fon
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC741INData Raw: 32 32 70 78 3b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 34 34 70 78 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 7b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 32 32 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 62 61 6e 6e 65 72 2d 6f 70 74 69 6f 6e 73 7b 70 61 64 64 69 6e 67 3a 30 20 32 32 70 78 3b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 34 34 70 78 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 62 61 6e 6e 65 72 2d 6f 70 74 69 6f 6e 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 68 61 73 2d 72
                                                                                                                                                                                                                                                                                              Data Ascii: 22px;width:calc(100% - 44px)}#onetrust-banner-sdk #onetrust-button-group-parent{padding:15px 22px}#onetrust-banner-sdk #banner-options{padding:0 22px;width:calc(100% - 44px)}#onetrust-banner-sdk .banner-option{margin-bottom:6px}#onetrust-banner-sdk .has-r
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              92192.168.11.205738135.244.154.84432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC762OUTGET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDUzNTJiMDQ1LTY0ODAtNGVkNC1hMTM2LTg5NjY1NDk3MTJjMBAAGg0Iud3MsgYSBQjoBxAAQgBKAA HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: idsync.rlcdn.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; pxrc=CAA=
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC612INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
                                                                                                                                                                                                                                                                                              Set-Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; Path=/; Domain=rlcdn.com; Expires=Mon, 26 May 2025 12:44:41 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: pxrc=CLndzLIGEgUI6AcQAA==; Path=/; Domain=rlcdn.com; Expires=Thu, 25 Jul 2024 12:44:41 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              93192.168.11.2051987104.244.42.1334432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC786OUTGET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: t.co
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: muc_ads=e19bec48-9054-4abd-8981-ab333a768a90
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC393INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              perf: 7402827104
                                                                                                                                                                                                                                                                                              server: tsa_b
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              x-transaction-id: a01882c9603ac6c3
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=0
                                                                                                                                                                                                                                                                                              x-response-time: 79
                                                                                                                                                                                                                                                                                              x-connection-hash: 28ab163dc2729d68115f482dc34645c0653a168eb03bc7ffe5f31731e8c077ee
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 09 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              94192.168.11.2056714104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC598OUTGET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC809INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: ee1LIfkTbcemCp7i24lw6Q==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:28:58 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: bb638d0f-801e-006c-44c6-0bd214000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 61886
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbaa09ce81a9-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC560INData Raw: 37 63 37 39 0d 0a 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 6f 74 50 63 43 65 6e 74 65 72 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 68 74 6d 6c 22 3a 20 22 50 47 52 70 64 69 42 70 5a 44 30 69 62 32 35 6c 64 48 4a 31 63 33 51 74 63 47 4d 74 63 32 52 72 49 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 52 51 59 30 4e 6c 62 6e 52 6c 63 69 42 76 64 43 31 6f 61 57 52 6c 49 47 39 30 4c 57 5a 68 5a 47 55 74 61 57 34 69 49 47 46 79 61 57 45 74 62 57 39 6b 59 57 77 39 49 6e 52 79 64 57 55 69 49 48 4a 76 62 47 55 39 49 6d 46 73 5a 58 4a 30 5a 47 6c 68 62 47 39 6e 49 69 42 68 63 6d 6c 68 4c 57 52 6c 63 32 4e 79 61 57 4a 6c 5a 47 4a 35 50 53 4a 76 64 43 31 77 59 79 31 6b 5a 58 4e 6a 49 6a 34 38 49 53 30 74 49 45 4e
                                                                                                                                                                                                                                                                                              Data Ascii: 7c79 { "name": "otPcCenter", "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImFsZXJ0ZGlhbG9nIiBhcmlhLWRlc2NyaWJlZGJ5PSJvdC1wYy1kZXNjIj48IS0tIEN
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 64 47 39 75 49 43 30 74 50 6a 78 6b 61 58 59 67 61 57 51 39 49 6d 39 30 4c 58 42 6a 4c 57 4e 76 62 6e 52 6c 62 6e 51 69 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 77 59 79 31 7a 59 33 4a 76 62 47 78 69 59 58 49 69 50 6a 78 6f 4d 69 42 70 5a 44 30 69 62 33 51 74 63 47 4d 74 64 47 6c 30 62 47 55 69 50 6c 6c 76 64 58 49 67 55 48 4a 70 64 6d 46 6a 65 54 77 76 61 44 49 2b 50 47 52 70 64 69 42 70 5a 44 30 69 62 33 51 74 63 47 4d 74 5a 47 56 7a 59 79 49 2b 50 43 39 6b 61 58 59 2b 50 47 4a 31 64 48 52 76 62 69 42 70 5a 44 30 69 59 57 4e 6a 5a 58 42 30 4c 58 4a 6c 59 32 39 74 62 57 56 75 5a 47 56 6b 4c 57 4a 30 62 69 31 6f 59 57 35 6b 62 47 56 79 49 6a 35 42 62 47 78 76 64 79 42 68 62 47 77 38 4c 32 4a 31 64 48 52 76 62 6a 34 38 63 32 56 6a 64 47 6c 76 62 69 42
                                                                                                                                                                                                                                                                                              Data Ascii: dG9uIC0tPjxkaXYgaWQ9Im90LXBjLWNvbnRlbnQiIGNsYXNzPSJvdC1wYy1zY3JvbGxiYXIiPjxoMiBpZD0ib3QtcGMtdGl0bGUiPllvdXIgUHJpdmFjeTwvaDI+PGRpdiBpZD0ib3QtcGMtZGVzYyI+PC9kaXY+PGJ1dHRvbiBpZD0iYWNjZXB0LXJlY29tbWVuZGVkLWJ0bi1oYW5kbGVyIj5BbGxvdyBhbGw8L2J1dHRvbj48c2VjdGlvbiB
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 33 4a 6b 61 57 39 75 49 45 64 79 62 33 56 77 49 48 4e 6c 59 33 52 70 62 32 34 67 5a 57 35 6b 63 79 41 74 4c 54 34 38 4c 33 4e 6c 59 33 52 70 62 32 34 2b 50 43 39 6b 61 58 59 2b 50 48 4e 6c 59 33 52 70 62 32 34 67 61 57 51 39 49 6d 39 30 4c 58 42 6a 4c 57 78 7a 64 43 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 68 70 5a 47 55 67 62 33 51 74 61 47 39 7a 64 48 4d 74 64 57 6b 67 62 33 51 74 63 47 4d 74 63 32 4e 79 62 32 78 73 59 6d 46 79 49 6a 34 38 5a 47 6c 32 49 47 6c 6b 50 53 4a 76 64 43 31 77 59 79 31 6f 5a 48 49 69 50 6a 78 6b 61 58 59 67 61 57 51 39 49 6d 39 30 4c 57 78 7a 64 43 31 30 61 58 52 73 5a 53 49 2b 50 47 4a 31 64 48 52 76 62 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 62 47 6c 75 61 79 31 69 64 47 34 67 59 6d 46 6a 61 79 31 69 64 47 34 74
                                                                                                                                                                                                                                                                                              Data Ascii: 3JkaW9uIEdyb3VwIHNlY3Rpb24gZW5kcyAtLT48L3NlY3Rpb24+PC9kaXY+PHNlY3Rpb24gaWQ9Im90LXBjLWxzdCIgY2xhc3M9Im90LWhpZGUgb3QtaG9zdHMtdWkgb3QtcGMtc2Nyb2xsYmFyIj48ZGl2IGlkPSJvdC1wYy1oZHIiPjxkaXYgaWQ9Im90LWxzdC10aXRsZSI+PGJ1dHRvbiBjbGFzcz0ib3QtbGluay1idG4gYmFjay1idG4t
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 59 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 62 48 4e 30 4c 58 4e 31 59 6d 68 6b 63 69 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 68 63 6d 4e 6f 4c 57 4e 75 64 48 49 69 50 6a 78 77 49 48 4a 76 62 47 55 39 49 6e 4e 30 59 58 52 31 63 79 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 4e 6a 63 6d 34 74 63 6d 52 79 49 6a 34 38 4c 33 41 2b 50 47 78 68 59 6d 56 73 49 47 5a 76 63 6a 30 69 64 6d 56 75 5a 47 39 79 4c 58 4e 6c 59 58 4a 6a 61 43 31 6f 59 57 35 6b 62 47 56 79 49 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 4e 79 62 69 31 79 5a 48 49 69 50 6a 77 76 62 47 46 69 5a 57 77 2b 49 44 78 70 62 6e 42 31 64 43 42 70 5a 44 30 69 64 6d 56 75 5a 47 39 79 4c 58 4e 6c 59 58 4a 6a 61 43 31 6f 59 57 35 6b 62
                                                                                                                                                                                                                                                                                              Data Ascii: Y+PGRpdiBjbGFzcz0ib3QtbHN0LXN1YmhkciI+PGRpdiBjbGFzcz0ib3Qtc2VhcmNoLWNudHIiPjxwIHJvbGU9InN0YXR1cyIgY2xhc3M9Im90LXNjcm4tcmRyIj48L3A+PGxhYmVsIGZvcj0idmVuZG9yLXNlYXJjaC1oYW5kbGVyIiBjbGFzcz0ib3Qtc2Nybi1yZHIiPjwvbGFiZWw+IDxpbnB1dCBpZD0idmVuZG9yLXNlYXJjaC1oYW5kb
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 7a 4f 6e 68 73 61 57 35 72 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 78 4f 54 6b 35 4c 33 68 73 61 57 35 72 49 69 42 34 50 53 49 77 63 48 67 69 49 48 6b 39 49 6a 42 77 65 43 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 51 77 4d 69 34 31 4e 7a 63 67 4e 44 41 79 4c 6a 55 33 4e 79 49 67 65 47 31 73 4f 6e 4e 77 59 57 4e 6c 50 53 4a 77 63 6d 56 7a 5a 58 4a 32 5a 53 49 2b 50 48 52 70 64 47 78 6c 50 6b 5a 70 62 48 52 6c 63 69 42 4a 59 32 39 75 50 43 39 30 61 58 52 73 5a 54 34 38 5a 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 6d 5a 6d 49 69 42 6b 50 53 4a 4e 4e 44 41 77 4c 6a 67 31 4f 43 77 78 4d 53 34 30 4d 6a 64 6a 4c 54 4d 75 4d 6a 51 78 4c 54 63 75 4e 44 49 78 4c 54 67 75 4f 44 55 74 4d 54
                                                                                                                                                                                                                                                                                              Data Ascii: zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIgdmlld0JveD0iMCAwIDQwMi41NzcgNDAyLjU3NyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHRpdGxlPkZpbHRlciBJY29uPC90aXRsZT48Zz48cGF0aCBmaWxsPSIjZmZmIiBkPSJNNDAwLjg1OCwxMS40MjdjLTMuMjQxLTcuNDIxLTguODUtMT
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 4c 58 42 6a 4c 58 4e 6a 63 6d 39 73 62 47 4a 68 63 69 49 2b 50 47 52 70 64 69 42 70 5a 44 30 69 62 33 51 74 63 32 56 73 4c 57 4a 73 61 79 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 73 4c 57 46 73 62 43 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 73 4c 57 46 73 62 43 31 6f 5a 48 49 69 50 6a 78 7a 63 47 46 75 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6a 62 32 35 7a 5a 57 35 30 4c 57 68 6b 63 69 49 2b 51 32 39 75 63 32 56 75 64 44 77 76 63 33 42 68 62 6a 34 67 50 48 4e 77 59 57 34 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 78 70 4c 57 68 6b 63 69 49 2b 54 47 56 6e 4c 6b 6c 75 64 47 56 79 5a 58 4e 30 50 43 39 7a 63 47 46 75 50 6a 77 76 5a 47 6c 32 50 6a 78 6b 61 58 59 67 59 32 78 68 63 33 4d
                                                                                                                                                                                                                                                                                              Data Ascii: LXBjLXNjcm9sbGJhciI+PGRpdiBpZD0ib3Qtc2VsLWJsayI+PGRpdiBjbGFzcz0ib3Qtc2VsLWFsbCI+PGRpdiBjbGFzcz0ib3Qtc2VsLWFsbC1oZHIiPjxzcGFuIGNsYXNzPSJvdC1jb25zZW50LWhkciI+Q29uc2VudDwvc3Bhbj4gPHNwYW4gY2xhc3M9Im90LWxpLWhkciI+TGVnLkludGVyZXN0PC9zcGFuPjwvZGl2PjxkaXYgY2xhc3M
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 57 35 72 49 43 30 74 50 6a 78 6b 61 58 59 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 5a 6c 62 69 31 6f 5a 48 49 69 50 6a 78 6f 4d 79 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 64 6d 56 75 4c 57 35 68 62 57 55 69 50 6a 77 76 61 44 4d 2b 50 47 45 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 5a 6c 62 69 31 73 61 57 35 72 49 69 42 6f 63 6d 56 6d 50 53 49 6a 49 6a 35 57 61 57 56 33 49 46 42 79 61 58 5a 68 59 33 6b 67 54 6d 39 30 61 57 4e 6c 50 43 39 68 50 6a 77 76 5a 47 6c 32 50 6a 77 68 4c 53 30 67 64 47 39 6e 5a 32 78 6c 63 79 42 68 62 6d 51 67 59 58 4a 79 62 33 63 67 4c 53 30 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 64 47 64 73 4c 57 4e 75 64 48 49 69 50 6a 77 76 5a 47 6c 32 50 6a 77 76 63 32 56 6a 64 47 6c 76 62 6a 34 38 5a 47 6c 32
                                                                                                                                                                                                                                                                                              Data Ascii: W5rIC0tPjxkaXYgY2xhc3M9Im90LXZlbi1oZHIiPjxoMyBjbGFzcz0ib3QtdmVuLW5hbWUiPjwvaDM+PGEgY2xhc3M9Im90LXZlbi1saW5rIiBocmVmPSIjIj5WaWV3IFByaXZhY3kgTm90aWNlPC9hPjwvZGl2PjwhLS0gdG9nZ2xlcyBhbmQgYXJyb3cgLS0+PGRpdiBjbGFzcz0ib3QtdGdsLWNudHIiPjwvZGl2Pjwvc2VjdGlvbj48ZGl2
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 52 79 49 6a 34 38 59 6e 56 30 64 47 39 75 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 73 61 57 35 72 4c 57 4a 30 62 69 42 6a 59 58 52 6c 5a 32 39 79 65 53 31 32 5a 57 35 6b 62 33 4a 7a 4c 57 78 70 63 33 51 74 61 47 46 75 5a 47 78 6c 63 69 49 2b 56 6d 6c 6c 64 79 42 57 5a 57 35 6b 62 33 49 67 54 47 6c 7a 64 44 77 76 59 6e 56 30 64 47 39 75 50 6a 77 76 5a 47 6c 32 50 6a 77 68 4c 53 30 67 51 32 39 76 61 32 6c 6c 49 47 78 76 63 33 51 67 62 47 6c 75 61 79 41 74 4c 54 34 38 5a 47 6c 32 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6f 62 48 4e 30 4c 57 4e 75 64 48 49 69 50 6a 78 69 64 58 52 30 62 32 34 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 78 70 62 6d 73 74 59 6e 52 75 49 47 4e 68 64 47 56 6e 62 33 4a 35 4c 57 68 76 63 33 51 74 62 47 6c 7a 64 43 31 6f 59
                                                                                                                                                                                                                                                                                              Data Ascii: RyIj48YnV0dG9uIGNsYXNzPSJvdC1saW5rLWJ0biBjYXRlZ29yeS12ZW5kb3JzLWxpc3QtaGFuZGxlciI+VmlldyBWZW5kb3IgTGlzdDwvYnV0dG9uPjwvZGl2PjwhLS0gQ29va2llIGxvc3QgbGluayAtLT48ZGl2IGNsYXNzPSJvdC1obHN0LWNudHIiPjxidXR0b24gY2xhc3M9Im90LWxpbmstYnRuIGNhdGVnb3J5LWhvc3QtbGlzdC1oY
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6c 64 43 31 79 61 57 64 6f 64 43 49 67 63 6d 39 73 5a 54 30 69 61 57 31 6e 49 69 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 5a 70 5a 58 64 43 62 33 67 39 49 6a 41 67 4d 43 41 78 4f 54 49 67 4e 54 45 79 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 4a 6a 64 58 4a 79 5a 57 35 30 51 32 39 73 62 33 49 69 49 47 51 39 49 6b 30 78 4e 6a 59 75 4f 53 41 79 4e 6a 51 75 4e 57 77 74 4d 54 45 33 4c 6a 67 67 4d 54 45 32 59 79 30 30 4c 6a 63 67 4e 43 34 33 4c 54 45 79 4c 6a 4d 67 4e 43 34 33 4c 54 45 33 49 44 42 73 4c 54 63 75 4d 53 30 33 4c 6a 46 6a 4c 54 51 75 4e 79 30 30 4c 6a 63 74 4e 43 34 33 4c 54 45 79 4c 6a 4d 67 4d 43 30 78 4e 30 77 78 4d 6a 63 75 4d 79
                                                                                                                                                                                                                                                                                              Data Ascii: ldC1yaWdodCIgcm9sZT0iaW1nIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTIgNTEyIj48cGF0aCBmaWxsPSJjdXJyZW50Q29sb3IiIGQ9Ik0xNjYuOSAyNjQuNWwtMTE3LjggMTE2Yy00LjcgNC43LTEyLjMgNC43LTE3IDBsLTcuMS03LjFjLTQuNy00LjctNC43LTEyLjMgMC0xN0wxMjcuMy
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 62 57 46 30 61 57 39 75 49 48 4e 30 62 33 4a 68 5a 32 55 67 59 57 35 6b 49 47 46 6a 59 32 56 7a 63 79 42 30 5a 58 4e 30 50 43 39 6f 4e 44 34 38 4c 32 52 70 64 6a 34 38 49 53 30 74 49 47 46 6a 59 32 39 79 5a 47 6c 76 62 69 42 6b 5a 58 52 68 61 57 77 67 4c 53 30 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 59 57 4e 6a 4c 57 64 79 63 47 4e 75 64 48 49 67 62 33 51 74 59 57 4e 6a 4c 58 52 34 64 43 42 76 64 43 31 32 62 6d 51 74 61 57 35 6d 62 79 31 6a 62 6e 52 79 49 6a 34 38 5a 47 6c 32 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 32 62 6d 51 74 61 57 35 6d 62 79 49 2b 50 47 67 31 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 32 62 6d 51 74 62 47 4a 73 49 6a 35 54 5a 58 4a 32 61 57 4e 6c 49 45 35 68 62 57 55 38 4c 32 67 31 50 6a 78 6f 4e 69 42
                                                                                                                                                                                                                                                                                              Data Ascii: bWF0aW9uIHN0b3JhZ2UgYW5kIGFjY2VzcyB0ZXN0PC9oND48L2Rpdj48IS0tIGFjY29yZGlvbiBkZXRhaWwgLS0+PGRpdiBjbGFzcz0ib3QtYWNjLWdycGNudHIgb3QtYWNjLXR4dCBvdC12bmQtaW5mby1jbnRyIj48ZGl2IGNsYXNzPSJvdC12bmQtaW5mbyI+PGg1IGNsYXNzPSJvdC12bmQtbGJsIj5TZXJ2aWNlIE5hbWU8L2g1PjxoNiB


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              95192.168.11.2053131104.19.178.52443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC598OUTGET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC826INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                                                                                                                                              Content-Length: 21866
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: /wtHD+oYY7dZRzCx50GZrQ==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:29:11 GMT
                                                                                                                                                                                                                                                                                              ETag: 0x8DA48BBFFACBC2F
                                                                                                                                                                                                                                                                                              x-ms-request-id: ee661ea6-c01e-0020-3440-0d4224000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 52954
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbaa0db20850-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC543INData Raw: 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 6e 65 74 72 75 73 74 2d 76 65 6e 64 6f 72 73 2d 6c 69 73 74 2d 68 61 6e 64 6c 65 72 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 63 6f 6c 6f 72 3a 23 31 66 39 36 64 62 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 6e 65
                                                                                                                                                                                                                                                                                              Data Ascii: #onetrust-banner-sdk{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}#onetrust-banner-sdk .onetrust-vendors-list-handler{cursor:pointer;color:#1f96db;font-size:inherit;font-weight:bold;text-decoration:none;margin-left:5px}#onetrust-banner-sdk .one
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6b 20 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 62 74 6e 2d 68 61 6e 64 6c 65 72 7b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 31 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 32 5a 58 4a 7a 61 57 39 75 50 53 49 78 4c 6a 45 69 49 48 68 74 62 47 35 7a 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 79 4d 44 41 77
                                                                                                                                                                                                                                                                                              Data Ascii: k #onetrust-pc-btn-handler{outline-offset:1px}#onetrust-banner-sdk .ot-close-icon,#onetrust-pc-sdk .ot-close-icon,#ot-sync-ntfy .ot-close-icon{background-image:url("data:image/svg+xml;base64,PHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 68 74 3a 31 32 70 78 3b 77 69 64 74 68 3a 31 32 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ht:12px;width:12px}#onetrust-banner-sdk .powered-by-logo,#onetrust-banner-sdk .ot-pc-footer-logo a,#onetrust-pc-sdk .powered-by-logo,#onetrust-pc-sdk .ot-pc-footer-logo a,#ot-sync-ntfy .powered-by-logo,#ot-sync-ntfy .ot-pc-footer-logo a{background-size:co
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 72 6f 77 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 72 6f 77 7b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 3b 77 69 64 74 68 3a 31 30 30 25 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 3a 63 68 65 63 6b 65 64 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 3a 6e 6f 74 28 3a 63 68 65
                                                                                                                                                                                                                                                                                              Data Ascii: }#onetrust-pc-sdk .ot-sdk-row .ot-sdk-column{padding:0}#onetrust-pc-sdk .ot-sdk-container{padding-right:0}#onetrust-pc-sdk .ot-sdk-row{flex-direction:initial;width:100%}#onetrust-pc-sdk [type="checkbox"]:checked,#onetrust-pc-sdk [type="checkbox"]:not(:che
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6e 2c 2e 6f 6e 65 74 72 75 73 74 2d 70 63 2d 64 61 72 6b 2d 66 69 6c 74 65 72 2e 6f 74 2d 66 61 64 65 2d 69 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 2d 66 61 64 65 2d 69 6e 7b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 6f 6e 65 74 72 75 73 74 2d 66 61 64 65 2d 69 6e 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 34 30 30 6d 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 2e 6f 74 2d 68 69 64 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 6e 65 74 72 75 73 74 2d 70 63 2d 64 61 72 6b 2d 66 69 6c 74 65 72 2e 6f 74 2d 68 69 64 65 7b 64 69 73 70 6c 61 79 3a
                                                                                                                                                                                                                                                                                              Data Ascii: n,.onetrust-pc-dark-filter.ot-fade-in,#onetrust-banner-sdk.ot-fade-in{animation-name:onetrust-fade-in;animation-duration:400ms;animation-timing-function:ease-in-out}#onetrust-pc-sdk.ot-hide{display:none !important}.onetrust-pc-dark-filter.ot-hide{display:
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 69 74 6c 65 3e 73 70 61 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 75 73 65 72 69 64 2d 74 69 6d 65 73 74 61 6d 70 3e 73 70 61 6e 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 75 73 65 72 69 64 2d 64 65 73 63 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 68 6f 73 74 2d 64 65 73 63 20 61 7b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 69 6e 69 74 69 61 6c 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 76 65 6e 2d 68 64 72 3e 70 20 61 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7a 2d 69 6e 64 65 78 3a 32 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 69 6e 69
                                                                                                                                                                                                                                                                                              Data Ascii: itle>span,#onetrust-pc-sdk .ot-userid-timestamp>span{font-weight:700}#onetrust-pc-sdk .ot-userid-desc{font-style:italic}#onetrust-pc-sdk .ot-host-desc a{pointer-events:initial}#onetrust-pc-sdk .ot-ven-hdr>p a{position:relative;z-index:2;pointer-events:ini
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 74 6f 67 67 6c 65 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 74 2d 63 6f 6e 74 65 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 74 2d 70 63 2d 63 6f 6e 74 65 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 64 69 76 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 73 70 61 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 31 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 32 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 33 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20
                                                                                                                                                                                                                                                                                              Data Ascii: nt,#onetrust-banner-sdk .ot-toggle,#onetrust-banner-sdk #ot-content,#onetrust-banner-sdk #ot-pc-content,#onetrust-banner-sdk .checkbox,#onetrust-pc-sdk div,#onetrust-pc-sdk span,#onetrust-pc-sdk h1,#onetrust-pc-sdk h2,#onetrust-pc-sdk h3,#onetrust-pc-sdk
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 74 64 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 74 62 6f 64 79 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 74 6f 67 67 6c 65 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 23 6f 74 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 23 6f 74 2d 70 63 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 63 68 65 63 6b 62 6f 78 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 64 69 76 2c 23 6f 74 2d 73 79 6e 63 2d 6e
                                                                                                                                                                                                                                                                                              Data Ascii: ot-sdk-cookie-policy td,#ot-sdk-cookie-policy tbody,#ot-sdk-cookie-policy .ot-main-content,#ot-sdk-cookie-policy .ot-toggle,#ot-sdk-cookie-policy #ot-content,#ot-sdk-cookie-policy #ot-pc-content,#ot-sdk-cookie-policy .checkbox,#ot-sync-ntfy div,#ot-sync-n
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 61 6e 6e 65 72 2d 73 64 6b 20 6c 61 62 65 6c 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 62 65 66 6f 72 65 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 6c 61 62 65 6c 3a 62 65 66 6f 72 65 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 6c 61 62 65 6c 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 62 65 66 6f 72 65 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 6c 61 62 65 6c 3a 62 65 66 6f
                                                                                                                                                                                                                                                                                              Data Ascii: anner-sdk label:after,#onetrust-banner-sdk .checkbox:after,#onetrust-banner-sdk .checkbox:before,#onetrust-pc-sdk label:before,#onetrust-pc-sdk label:after,#onetrust-pc-sdk .checkbox:after,#onetrust-pc-sdk .checkbox:before,#ot-sdk-cookie-policy label:befo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC1369INData Raw: 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 25 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: .ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-column,#onetrust-pc-sdk .ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-column,#ot-sdk-cookie-policy .ot-sdk-columns{margin-left:4%}#onetrust-banner-sdk .ot-sdk-column:first-child,#onetrust-banner-sdk .ot-sdk-columns


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              96192.168.11.205738440.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:41 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4306
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC4306INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              97192.168.11.2013506104.19.178.52443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC394OUTGET /scripttemplates/6.36.0/assets/otCenterRounded.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC809INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: eB5KwLWtcYPmjc/KKwC/xQ==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:28:57 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: ed703d84-601e-0080-5072-79c685000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 46068
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbabb9b0056c-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC560INData Raw: 32 35 32 33 0d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 6f 74 43 65 6e 74 65 72 52 6f 75 6e 64 65 64 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 68 74 6d 6c 22 3a 20 22 50 47 52 70 64 69 42 70 5a 44 30 69 62 32 35 6c 64 48 4a 31 63 33 51 74 59 6d 46 75 62 6d 56 79 4c 58 4e 6b 61 79 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 51 32 56 75 64 47 56 79 55 6d 39 31 62 6d 52 6c 5a 43 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 52 72 4c 57 4e 76 62 6e 52 68 61 57 35 6c 63 69 49 67 63 6d 39 73 5a 54 30 69 59 57 78 6c 63 6e 52 6b 61 57 46 73 62 32 63 69 49 47 46 79 61 57 45 74 5a 47 56 7a 59 33 4a 70 59 6d 56 6b 59 6e 6b 39 49 6d 39 75 5a 58
                                                                                                                                                                                                                                                                                              Data Ascii: 2523 { "name": "otCenterRounded", "html": "PGRpdiBpZD0ib25ldHJ1c3QtYmFubmVyLXNkayIgY2xhc3M9Im90Q2VudGVyUm91bmRlZCI+PGRpdiBjbGFzcz0ib3Qtc2RrLWNvbnRhaW5lciIgcm9sZT0iYWxlcnRkaWFsb2ciIGFyaWEtZGVzY3JpYmVkYnk9Im9uZX
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 30 61 58 52 73 5a 53 49 2b 56 47 6c 30 62 47 55 38 4c 32 67 79 50 6a 78 77 49 47 6c 6b 50 53 4a 76 62 6d 56 30 63 6e 56 7a 64 43 31 77 62 32 78 70 59 33 6b 74 64 47 56 34 64 43 49 2b 64 47 56 34 64 44 78 68 49 47 68 79 5a 57 59 39 49 69 4d 69 50 6e 42 76 62 47 6c 6a 65 54 77 76 59 54 34 38 4c 33 41 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 5a 48 42 6b 4c 57 4e 76 62 6e 52 68 61 57 35 6c 63 69 49 2b 50 47 67 7a 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6b 63 47 51 74 64 47 6c 30 62 47 55 69 50 6a 77 76 61 44 4d 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 5a 48 42 6b 4c 57 4e 76 62 6e 52 6c 62 6e 51 69 50 6a 78 77 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6b 63 47 51 74 5a 47 56 7a 59 79 49 2b 50 43 39 77 50 6a
                                                                                                                                                                                                                                                                                              Data Ascii: 0aXRsZSI+VGl0bGU8L2gyPjxwIGlkPSJvbmV0cnVzdC1wb2xpY3ktdGV4dCI+dGV4dDxhIGhyZWY9IiMiPnBvbGljeTwvYT48L3A+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRhaW5lciI+PGgzIGNsYXNzPSJvdC1kcGQtdGl0bGUiPjwvaDM+PGRpdiBjbGFzcz0ib3QtZHBkLWNvbnRlbnQiPjxwIGNsYXNzPSJvdC1kcGQtZGVzYyI+PC9wPj
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 64 6a 34 38 4c 32 52 70 64 6a 34 38 4c 32 52 70 64 6a 34 3d 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 63 73 73 22 3a 20 22 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 31 38 70 78 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 43 65 6e 74 65 72 52 6f 75 6e 64 65 64 7b 7a 2d 69 6e 64 65 78 3a 32 31 34 37 34 38 33 36 34 35 3b 74 6f 70 3a 31 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 72 69 67 68 74 3a 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 77 69 64 74 68 3a 36 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 36 35 30 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 2e 35
                                                                                                                                                                                                                                                                                              Data Ascii: dj48L2Rpdj48L2Rpdj4=", "css": "#onetrust-banner-sdk{box-shadow:0 0 18px rgba(0,0,0,.2)}#onetrust-banner-sdk.otCenterRounded{z-index:2147483645;top:10%;position:fixed;right:0;background-color:#fff;width:60%;max-width:650px;border-radius:2.5
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 61 64 64 69 6e 67 3a 30 3b 62 6f 72 64 65 72 3a 30 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 77 69 64 74 68 3a 61 75 74 6f 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 62 2d 61 64 64 6c 2d 64 65 73 63 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 7b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 33 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 3a 6e 6f 74 28 2e 68 61 73 2d 72 65 6a 65 63 74 2d 61 6c 6c 2d 62 75 74 74 6f
                                                                                                                                                                                                                                                                                              Data Ascii: adding:0;border:0;height:auto;width:auto}#onetrust-banner-sdk .ot-b-addl-desc{display:block}#onetrust-banner-sdk #onetrust-button-group-parent{padding:15px 30px;text-align:center}#onetrust-banner-sdk #onetrust-button-group-parent:not(.has-reject-all-butto
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 73 74 2d 70 63 2d 62 74 6e 2d 68 61 6e 64 6c 65 72 2e 63 6f 6f 6b 69 65 2d 73 65 74 74 69 6e 67 2d 6c 69 6e 6b 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 68 61 73 2d 72 65 6a 65 63 74 2d 61 6c 6c 2d 62 75 74 74 6f 6e 20 2e 62 61 6e 6e 65 72 2d 61 63 74 69 6f 6e 73 2d 63 6f 6e 74 61 69 6e 65 72 7b 6d 61 78 2d 77 69 64 74 68 3a 36 30 25 3b 77 69 64 74 68 3a 61 75 74 6f 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 7b 77 69 64 74 68 3a 34 34 70 78 3b 68 65 69 67 68 74 3a 34 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 2d 31 38 70
                                                                                                                                                                                                                                                                                              Data Ascii: st-pc-btn-handler.cookie-setting-link{text-align:left;margin-right:0}#onetrust-banner-sdk .has-reject-all-button .banner-actions-container{max-width:60%;width:auto}#onetrust-banner-sdk .ot-close-icon{width:44px;height:44px;background-size:12px;margin:-18p
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 3b 2d 6f 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 33 30 30 6d 73 20 65 61 73 65 2d 69 6e 20 30 73 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 61 72 72 6f 77 2d 63 6f 6e 74 61 69 6e 65 72 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 36 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 36 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 36
                                                                                                                                                                                                                                                                                              Data Ascii: webkit-transition:all 300ms ease-in 0s;-moz-transition:all 300ms ease-in 0s;-o-transition:all 300ms ease-in 0s}#onetrust-banner-sdk .ot-arrow-container{display:inline-block;border-top:6px solid transparent;border-bottom:6px solid transparent;border-left:6
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6c 6f 73 65 2d 62 74 6e 2d 6c 69 6e 6b 20 23 6f 6e 65 74 72 75 73 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 63 6f 6e 74 61 69 6e 65 72 7b 74 6f 70 3a 31 35 70 78 3b 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 72 69 67 68 74 3a 31 35 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 6c 69 6e 6b 20 23 6f 6e 65 74 72 75 73 74 2d 63 6c 6f 73 65 2d 62 74 6e 2d 63 6f 6e 74 61 69 6e 65 72 20 62 75 74 74 6f 6e 7b 70 61 64 64 69 6e 67 3a 30 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 77 72 61 70 3b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 61 75 74 6f 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 35 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 66 6f 6e
                                                                                                                                                                                                                                                                                              Data Ascii: lose-btn-link #onetrust-close-btn-container{top:15px;transform:none;right:15px}#onetrust-banner-sdk.ot-close-btn-link #onetrust-close-btn-container button{padding:0;white-space:pre-wrap;border:none;height:auto;line-height:1.5;text-decoration:underline;fon
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC741INData Raw: 32 32 70 78 3b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 34 34 70 78 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 6e 65 74 72 75 73 74 2d 62 75 74 74 6f 6e 2d 67 72 6f 75 70 2d 70 61 72 65 6e 74 7b 70 61 64 64 69 6e 67 3a 31 35 70 78 20 32 32 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 62 61 6e 6e 65 72 2d 6f 70 74 69 6f 6e 73 7b 70 61 64 64 69 6e 67 3a 30 20 32 32 70 78 3b 77 69 64 74 68 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 34 34 70 78 29 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 62 61 6e 6e 65 72 2d 6f 70 74 69 6f 6e 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 36 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 68 61 73 2d 72
                                                                                                                                                                                                                                                                                              Data Ascii: 22px;width:calc(100% - 44px)}#onetrust-banner-sdk #onetrust-button-group-parent{padding:15px 22px}#onetrust-banner-sdk #banner-options{padding:0 22px;width:calc(100% - 44px)}#onetrust-banner-sdk .banner-option{margin-bottom:6px}#onetrust-banner-sdk .has-r
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              98192.168.11.2056390104.244.42.1954432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC985OUTGET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: analytics.twitter.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC572INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              perf: 7402827104
                                                                                                                                                                                                                                                                                              server: tsa_b
                                                                                                                                                                                                                                                                                              set-cookie: personalization_id="v1_ykmy21nCg+qBjPlr+hNE+Q=="; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:42 GMT; Path=/; Domain=.twitter.com; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              x-transaction-id: 3a74df8c28264a26
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=631138519
                                                                                                                                                                                                                                                                                              x-response-time: 83
                                                                                                                                                                                                                                                                                              x-connection-hash: f500a472fec1ab33fa0f07e89a11137af56cae86a19c83d7a2c60e736b94b69e
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 09 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              99192.168.11.206391135.244.154.84432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC542OUTGET /1000.gif?memo=CP2yKxIwCiwIARCl_gkaJDUzNTJiMDQ1LTY0ODAtNGVkNC1hMTM2LTg5NjY1NDk3MTJjMBAAGg0Iud3MsgYSBQjoBxAAQgBKAA HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: idsync.rlcdn.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: rlas3=icnAo/BpX6E+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; pxrc=CLndzLIGEgUI6AcQAA==
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC612INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
                                                                                                                                                                                                                                                                                              Set-Cookie: rlas3=Bob0qV6XC7Y+9wmtA5aOKQYs4mFDs3K9/GfhTMwMAJU=; Path=/; Domain=rlcdn.com; Expires=Mon, 26 May 2025 12:44:42 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: pxrc=CLndzLIGEgUI6AcQAQ==; Path=/; Domain=rlcdn.com; Expires=Thu, 25 Jul 2024 12:44:42 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              100192.168.11.2060616104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC392OUTGET /scripttemplates/6.36.0/assets/v2/otPcCenter.json HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC809INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/json
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: ee1LIfkTbcemCp7i24lw6Q==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:28:58 GMT
                                                                                                                                                                                                                                                                                              x-ms-request-id: 9678d4df-e01e-006a-26c6-0be1ab000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 62246
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbad0e9c8248-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC560INData Raw: 37 63 37 39 0d 0a 0a 20 20 20 20 20 20 20 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 6f 74 50 63 43 65 6e 74 65 72 22 2c 0a 20 20 20 20 20 20 20 20 20 20 20 20 22 68 74 6d 6c 22 3a 20 22 50 47 52 70 64 69 42 70 5a 44 30 69 62 32 35 6c 64 48 4a 31 63 33 51 74 63 47 4d 74 63 32 52 72 49 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 52 51 59 30 4e 6c 62 6e 52 6c 63 69 42 76 64 43 31 6f 61 57 52 6c 49 47 39 30 4c 57 5a 68 5a 47 55 74 61 57 34 69 49 47 46 79 61 57 45 74 62 57 39 6b 59 57 77 39 49 6e 52 79 64 57 55 69 49 48 4a 76 62 47 55 39 49 6d 46 73 5a 58 4a 30 5a 47 6c 68 62 47 39 6e 49 69 42 68 63 6d 6c 68 4c 57 52 6c 63 32 4e 79 61 57 4a 6c 5a 47 4a 35 50 53 4a 76 64 43 31 77 59 79 31 6b 5a 58 4e 6a 49 6a 34 38 49 53 30 74 49 45 4e
                                                                                                                                                                                                                                                                                              Data Ascii: 7c79 { "name": "otPcCenter", "html": "PGRpdiBpZD0ib25ldHJ1c3QtcGMtc2RrIiBjbGFzcz0ib3RQY0NlbnRlciBvdC1oaWRlIG90LWZhZGUtaW4iIGFyaWEtbW9kYWw9InRydWUiIHJvbGU9ImFsZXJ0ZGlhbG9nIiBhcmlhLWRlc2NyaWJlZGJ5PSJvdC1wYy1kZXNjIj48IS0tIEN
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 64 47 39 75 49 43 30 74 50 6a 78 6b 61 58 59 67 61 57 51 39 49 6d 39 30 4c 58 42 6a 4c 57 4e 76 62 6e 52 6c 62 6e 51 69 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 77 59 79 31 7a 59 33 4a 76 62 47 78 69 59 58 49 69 50 6a 78 6f 4d 69 42 70 5a 44 30 69 62 33 51 74 63 47 4d 74 64 47 6c 30 62 47 55 69 50 6c 6c 76 64 58 49 67 55 48 4a 70 64 6d 46 6a 65 54 77 76 61 44 49 2b 50 47 52 70 64 69 42 70 5a 44 30 69 62 33 51 74 63 47 4d 74 5a 47 56 7a 59 79 49 2b 50 43 39 6b 61 58 59 2b 50 47 4a 31 64 48 52 76 62 69 42 70 5a 44 30 69 59 57 4e 6a 5a 58 42 30 4c 58 4a 6c 59 32 39 74 62 57 56 75 5a 47 56 6b 4c 57 4a 30 62 69 31 6f 59 57 35 6b 62 47 56 79 49 6a 35 42 62 47 78 76 64 79 42 68 62 47 77 38 4c 32 4a 31 64 48 52 76 62 6a 34 38 63 32 56 6a 64 47 6c 76 62 69 42
                                                                                                                                                                                                                                                                                              Data Ascii: dG9uIC0tPjxkaXYgaWQ9Im90LXBjLWNvbnRlbnQiIGNsYXNzPSJvdC1wYy1zY3JvbGxiYXIiPjxoMiBpZD0ib3QtcGMtdGl0bGUiPllvdXIgUHJpdmFjeTwvaDI+PGRpdiBpZD0ib3QtcGMtZGVzYyI+PC9kaXY+PGJ1dHRvbiBpZD0iYWNjZXB0LXJlY29tbWVuZGVkLWJ0bi1oYW5kbGVyIj5BbGxvdyBhbGw8L2J1dHRvbj48c2VjdGlvbiB
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 33 4a 6b 61 57 39 75 49 45 64 79 62 33 56 77 49 48 4e 6c 59 33 52 70 62 32 34 67 5a 57 35 6b 63 79 41 74 4c 54 34 38 4c 33 4e 6c 59 33 52 70 62 32 34 2b 50 43 39 6b 61 58 59 2b 50 48 4e 6c 59 33 52 70 62 32 34 67 61 57 51 39 49 6d 39 30 4c 58 42 6a 4c 57 78 7a 64 43 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 68 70 5a 47 55 67 62 33 51 74 61 47 39 7a 64 48 4d 74 64 57 6b 67 62 33 51 74 63 47 4d 74 63 32 4e 79 62 32 78 73 59 6d 46 79 49 6a 34 38 5a 47 6c 32 49 47 6c 6b 50 53 4a 76 64 43 31 77 59 79 31 6f 5a 48 49 69 50 6a 78 6b 61 58 59 67 61 57 51 39 49 6d 39 30 4c 57 78 7a 64 43 31 30 61 58 52 73 5a 53 49 2b 50 47 4a 31 64 48 52 76 62 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 62 47 6c 75 61 79 31 69 64 47 34 67 59 6d 46 6a 61 79 31 69 64 47 34 74
                                                                                                                                                                                                                                                                                              Data Ascii: 3JkaW9uIEdyb3VwIHNlY3Rpb24gZW5kcyAtLT48L3NlY3Rpb24+PC9kaXY+PHNlY3Rpb24gaWQ9Im90LXBjLWxzdCIgY2xhc3M9Im90LWhpZGUgb3QtaG9zdHMtdWkgb3QtcGMtc2Nyb2xsYmFyIj48ZGl2IGlkPSJvdC1wYy1oZHIiPjxkaXYgaWQ9Im90LWxzdC10aXRsZSI+PGJ1dHRvbiBjbGFzcz0ib3QtbGluay1idG4gYmFjay1idG4t
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 59 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 62 48 4e 30 4c 58 4e 31 59 6d 68 6b 63 69 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 68 63 6d 4e 6f 4c 57 4e 75 64 48 49 69 50 6a 78 77 49 48 4a 76 62 47 55 39 49 6e 4e 30 59 58 52 31 63 79 49 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 4e 6a 63 6d 34 74 63 6d 52 79 49 6a 34 38 4c 33 41 2b 50 47 78 68 59 6d 56 73 49 47 5a 76 63 6a 30 69 64 6d 56 75 5a 47 39 79 4c 58 4e 6c 59 58 4a 6a 61 43 31 6f 59 57 35 6b 62 47 56 79 49 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 4e 79 62 69 31 79 5a 48 49 69 50 6a 77 76 62 47 46 69 5a 57 77 2b 49 44 78 70 62 6e 42 31 64 43 42 70 5a 44 30 69 64 6d 56 75 5a 47 39 79 4c 58 4e 6c 59 58 4a 6a 61 43 31 6f 59 57 35 6b 62
                                                                                                                                                                                                                                                                                              Data Ascii: Y+PGRpdiBjbGFzcz0ib3QtbHN0LXN1YmhkciI+PGRpdiBjbGFzcz0ib3Qtc2VhcmNoLWNudHIiPjxwIHJvbGU9InN0YXR1cyIgY2xhc3M9Im90LXNjcm4tcmRyIj48L3A+PGxhYmVsIGZvcj0idmVuZG9yLXNlYXJjaC1oYW5kbGVyIiBjbGFzcz0ib3Qtc2Nybi1yZHIiPjwvbGFiZWw+IDxpbnB1dCBpZD0idmVuZG9yLXNlYXJjaC1oYW5kb
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 7a 4f 6e 68 73 61 57 35 72 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 78 4f 54 6b 35 4c 33 68 73 61 57 35 72 49 69 42 34 50 53 49 77 63 48 67 69 49 48 6b 39 49 6a 42 77 65 43 49 67 64 6d 6c 6c 64 30 4a 76 65 44 30 69 4d 43 41 77 49 44 51 77 4d 69 34 31 4e 7a 63 67 4e 44 41 79 4c 6a 55 33 4e 79 49 67 65 47 31 73 4f 6e 4e 77 59 57 4e 6c 50 53 4a 77 63 6d 56 7a 5a 58 4a 32 5a 53 49 2b 50 48 52 70 64 47 78 6c 50 6b 5a 70 62 48 52 6c 63 69 42 4a 59 32 39 75 50 43 39 30 61 58 52 73 5a 54 34 38 5a 7a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 49 6a 5a 6d 5a 6d 49 69 42 6b 50 53 4a 4e 4e 44 41 77 4c 6a 67 31 4f 43 77 78 4d 53 34 30 4d 6a 64 6a 4c 54 4d 75 4d 6a 51 78 4c 54 63 75 4e 44 49 78 4c 54 67 75 4f 44 55 74 4d 54
                                                                                                                                                                                                                                                                                              Data Ascii: zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB4PSIwcHgiIHk9IjBweCIgdmlld0JveD0iMCAwIDQwMi41NzcgNDAyLjU3NyIgeG1sOnNwYWNlPSJwcmVzZXJ2ZSI+PHRpdGxlPkZpbHRlciBJY29uPC90aXRsZT48Zz48cGF0aCBmaWxsPSIjZmZmIiBkPSJNNDAwLjg1OCwxMS40MjdjLTMuMjQxLTcuNDIxLTguODUtMT
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 4c 58 42 6a 4c 58 4e 6a 63 6d 39 73 62 47 4a 68 63 69 49 2b 50 47 52 70 64 69 42 70 5a 44 30 69 62 33 51 74 63 32 56 73 4c 57 4a 73 61 79 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 73 4c 57 46 73 62 43 49 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 63 32 56 73 4c 57 46 73 62 43 31 6f 5a 48 49 69 50 6a 78 7a 63 47 46 75 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6a 62 32 35 7a 5a 57 35 30 4c 57 68 6b 63 69 49 2b 51 32 39 75 63 32 56 75 64 44 77 76 63 33 42 68 62 6a 34 67 50 48 4e 77 59 57 34 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 78 70 4c 57 68 6b 63 69 49 2b 54 47 56 6e 4c 6b 6c 75 64 47 56 79 5a 58 4e 30 50 43 39 7a 63 47 46 75 50 6a 77 76 5a 47 6c 32 50 6a 78 6b 61 58 59 67 59 32 78 68 63 33 4d
                                                                                                                                                                                                                                                                                              Data Ascii: LXBjLXNjcm9sbGJhciI+PGRpdiBpZD0ib3Qtc2VsLWJsayI+PGRpdiBjbGFzcz0ib3Qtc2VsLWFsbCI+PGRpdiBjbGFzcz0ib3Qtc2VsLWFsbC1oZHIiPjxzcGFuIGNsYXNzPSJvdC1jb25zZW50LWhkciI+Q29uc2VudDwvc3Bhbj4gPHNwYW4gY2xhc3M9Im90LWxpLWhkciI+TGVnLkludGVyZXN0PC9zcGFuPjwvZGl2PjxkaXYgY2xhc3M
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 57 35 72 49 43 30 74 50 6a 78 6b 61 58 59 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 5a 6c 62 69 31 6f 5a 48 49 69 50 6a 78 6f 4d 79 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 64 6d 56 75 4c 57 35 68 62 57 55 69 50 6a 77 76 61 44 4d 2b 50 47 45 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 58 5a 6c 62 69 31 73 61 57 35 72 49 69 42 6f 63 6d 56 6d 50 53 49 6a 49 6a 35 57 61 57 56 33 49 46 42 79 61 58 5a 68 59 33 6b 67 54 6d 39 30 61 57 4e 6c 50 43 39 68 50 6a 77 76 5a 47 6c 32 50 6a 77 68 4c 53 30 67 64 47 39 6e 5a 32 78 6c 63 79 42 68 62 6d 51 67 59 58 4a 79 62 33 63 67 4c 53 30 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 64 47 64 73 4c 57 4e 75 64 48 49 69 50 6a 77 76 5a 47 6c 32 50 6a 77 76 63 32 56 6a 64 47 6c 76 62 6a 34 38 5a 47 6c 32
                                                                                                                                                                                                                                                                                              Data Ascii: W5rIC0tPjxkaXYgY2xhc3M9Im90LXZlbi1oZHIiPjxoMyBjbGFzcz0ib3QtdmVuLW5hbWUiPjwvaDM+PGEgY2xhc3M9Im90LXZlbi1saW5rIiBocmVmPSIjIj5WaWV3IFByaXZhY3kgTm90aWNlPC9hPjwvZGl2PjwhLS0gdG9nZ2xlcyBhbmQgYXJyb3cgLS0+PGRpdiBjbGFzcz0ib3QtdGdsLWNudHIiPjwvZGl2Pjwvc2VjdGlvbj48ZGl2
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 52 79 49 6a 34 38 59 6e 56 30 64 47 39 75 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 73 61 57 35 72 4c 57 4a 30 62 69 42 6a 59 58 52 6c 5a 32 39 79 65 53 31 32 5a 57 35 6b 62 33 4a 7a 4c 57 78 70 63 33 51 74 61 47 46 75 5a 47 78 6c 63 69 49 2b 56 6d 6c 6c 64 79 42 57 5a 57 35 6b 62 33 49 67 54 47 6c 7a 64 44 77 76 59 6e 56 30 64 47 39 75 50 6a 77 76 5a 47 6c 32 50 6a 77 68 4c 53 30 67 51 32 39 76 61 32 6c 6c 49 47 78 76 63 33 51 67 62 47 6c 75 61 79 41 74 4c 54 34 38 5a 47 6c 32 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 6f 62 48 4e 30 4c 57 4e 75 64 48 49 69 50 6a 78 69 64 58 52 30 62 32 34 67 59 32 78 68 63 33 4d 39 49 6d 39 30 4c 57 78 70 62 6d 73 74 59 6e 52 75 49 47 4e 68 64 47 56 6e 62 33 4a 35 4c 57 68 76 63 33 51 74 62 47 6c 7a 64 43 31 6f 59
                                                                                                                                                                                                                                                                                              Data Ascii: RyIj48YnV0dG9uIGNsYXNzPSJvdC1saW5rLWJ0biBjYXRlZ29yeS12ZW5kb3JzLWxpc3QtaGFuZGxlciI+VmlldyBWZW5kb3IgTGlzdDwvYnV0dG9uPjwvZGl2PjwhLS0gQ29va2llIGxvc3QgbGluayAtLT48ZGl2IGNsYXNzPSJvdC1obHN0LWNudHIiPjxidXR0b24gY2xhc3M9Im90LWxpbmstYnRuIGNhdGVnb3J5LWhvc3QtbGlzdC1oY
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6c 64 43 31 79 61 57 64 6f 64 43 49 67 63 6d 39 73 5a 54 30 69 61 57 31 6e 49 69 42 34 62 57 78 75 63 7a 30 69 61 48 52 30 63 44 6f 76 4c 33 64 33 64 79 35 33 4d 79 35 76 63 6d 63 76 4d 6a 41 77 4d 43 39 7a 64 6d 63 69 49 48 5a 70 5a 58 64 43 62 33 67 39 49 6a 41 67 4d 43 41 78 4f 54 49 67 4e 54 45 79 49 6a 34 38 63 47 46 30 61 43 42 6d 61 57 78 73 50 53 4a 6a 64 58 4a 79 5a 57 35 30 51 32 39 73 62 33 49 69 49 47 51 39 49 6b 30 78 4e 6a 59 75 4f 53 41 79 4e 6a 51 75 4e 57 77 74 4d 54 45 33 4c 6a 67 67 4d 54 45 32 59 79 30 30 4c 6a 63 67 4e 43 34 33 4c 54 45 79 4c 6a 4d 67 4e 43 34 33 4c 54 45 33 49 44 42 73 4c 54 63 75 4d 53 30 33 4c 6a 46 6a 4c 54 51 75 4e 79 30 30 4c 6a 63 74 4e 43 34 33 4c 54 45 79 4c 6a 4d 67 4d 43 30 78 4e 30 77 78 4d 6a 63 75 4d 79
                                                                                                                                                                                                                                                                                              Data Ascii: ldC1yaWdodCIgcm9sZT0iaW1nIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAxOTIgNTEyIj48cGF0aCBmaWxsPSJjdXJyZW50Q29sb3IiIGQ9Ik0xNjYuOSAyNjQuNWwtMTE3LjggMTE2Yy00LjcgNC43LTEyLjMgNC43LTE3IDBsLTcuMS03LjFjLTQuNy00LjctNC43LTEyLjMgMC0xN0wxMjcuMy
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 62 57 46 30 61 57 39 75 49 48 4e 30 62 33 4a 68 5a 32 55 67 59 57 35 6b 49 47 46 6a 59 32 56 7a 63 79 42 30 5a 58 4e 30 50 43 39 6f 4e 44 34 38 4c 32 52 70 64 6a 34 38 49 53 30 74 49 47 46 6a 59 32 39 79 5a 47 6c 76 62 69 42 6b 5a 58 52 68 61 57 77 67 4c 53 30 2b 50 47 52 70 64 69 42 6a 62 47 46 7a 63 7a 30 69 62 33 51 74 59 57 4e 6a 4c 57 64 79 63 47 4e 75 64 48 49 67 62 33 51 74 59 57 4e 6a 4c 58 52 34 64 43 42 76 64 43 31 32 62 6d 51 74 61 57 35 6d 62 79 31 6a 62 6e 52 79 49 6a 34 38 5a 47 6c 32 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 32 62 6d 51 74 61 57 35 6d 62 79 49 2b 50 47 67 31 49 47 4e 73 59 58 4e 7a 50 53 4a 76 64 43 31 32 62 6d 51 74 62 47 4a 73 49 6a 35 54 5a 58 4a 32 61 57 4e 6c 49 45 35 68 62 57 55 38 4c 32 67 31 50 6a 78 6f 4e 69 42
                                                                                                                                                                                                                                                                                              Data Ascii: bWF0aW9uIHN0b3JhZ2UgYW5kIGFjY2VzcyB0ZXN0PC9oND48L2Rpdj48IS0tIGFjY29yZGlvbiBkZXRhaWwgLS0+PGRpdiBjbGFzcz0ib3QtYWNjLWdycGNudHIgb3QtYWNjLXR4dCBvdC12bmQtaW5mby1jbnRyIj48ZGl2IGNsYXNzPSJvdC12bmQtaW5mbyI+PGg1IGNsYXNzPSJvdC12bmQtbGJsIj5TZXJ2aWNlIE5hbWU8L2g1PjxoNiB


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              101192.168.11.2057878104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC392OUTGET /scripttemplates/6.36.0/assets/otCommonStyles.css HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC826INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/css
                                                                                                                                                                                                                                                                                              Content-Length: 21866
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: /wtHD+oYY7dZRzCx50GZrQ==
                                                                                                                                                                                                                                                                                              Last-Modified: Tue, 07 Jun 2022 19:29:11 GMT
                                                                                                                                                                                                                                                                                              ETag: 0x8DA48BBFFACBC2F
                                                                                                                                                                                                                                                                                              x-ms-request-id: 6b1b790f-901e-003d-4640-0d4f98000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 53853
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbad0b6213bb-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC543INData Raw: 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 7b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 6e 65 74 72 75 73 74 2d 76 65 6e 64 6f 72 73 2d 6c 69 73 74 2d 68 61 6e 64 6c 65 72 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 63 6f 6c 6f 72 3a 23 31 66 39 36 64 62 3b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 35 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 6e 65
                                                                                                                                                                                                                                                                                              Data Ascii: #onetrust-banner-sdk{-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}#onetrust-banner-sdk .onetrust-vendors-list-handler{cursor:pointer;color:#1f96db;font-size:inherit;font-weight:bold;text-decoration:none;margin-left:5px}#onetrust-banner-sdk .one
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6b 20 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 62 74 6e 2d 68 61 6e 64 6c 65 72 7b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 31 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 6f 74 2d 63 6c 6f 73 65 2d 69 63 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 22 64 61 74 61 3a 69 6d 61 67 65 2f 73 76 67 2b 78 6d 6c 3b 62 61 73 65 36 34 2c 50 48 4e 32 5a 79 42 32 5a 58 4a 7a 61 57 39 75 50 53 49 78 4c 6a 45 69 49 48 68 74 62 47 35 7a 50 53 4a 6f 64 48 52 77 4f 69 38 76 64 33 64 33 4c 6e 63 7a 4c 6d 39 79 5a 79 38 79 4d 44 41 77
                                                                                                                                                                                                                                                                                              Data Ascii: k #onetrust-pc-btn-handler{outline-offset:1px}#onetrust-banner-sdk .ot-close-icon,#onetrust-pc-sdk .ot-close-icon,#ot-sync-ntfy .ot-close-icon{background-image:url("data:image/svg+xml;base64,PHN2ZyB2ZXJzaW9uPSIxLjEiIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAw
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 68 74 3a 31 32 70 78 3b 77 69 64 74 68 3a 31 32 70 78 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 70 6f 77 65 72 65 64 2d 62 79 2d 6c 6f 67 6f 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 2e 6f 74 2d 70 63 2d 66 6f 6f 74 65 72 2d 6c 6f 67 6f 20 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 63 6f
                                                                                                                                                                                                                                                                                              Data Ascii: ht:12px;width:12px}#onetrust-banner-sdk .powered-by-logo,#onetrust-banner-sdk .ot-pc-footer-logo a,#onetrust-pc-sdk .powered-by-logo,#onetrust-pc-sdk .ot-pc-footer-logo a,#ot-sync-ntfy .powered-by-logo,#ot-sync-ntfy .ot-pc-footer-logo a{background-size:co
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 72 6f 77 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 7b 70 61 64 64 69 6e 67 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6e 74 61 69 6e 65 72 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 72 6f 77 7b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 69 6e 69 74 69 61 6c 3b 77 69 64 74 68 3a 31 30 30 25 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 3a 63 68 65 63 6b 65 64 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 5b 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 5d 3a 6e 6f 74 28 3a 63 68 65
                                                                                                                                                                                                                                                                                              Data Ascii: }#onetrust-pc-sdk .ot-sdk-row .ot-sdk-column{padding:0}#onetrust-pc-sdk .ot-sdk-container{padding-right:0}#onetrust-pc-sdk .ot-sdk-row{flex-direction:initial;width:100%}#onetrust-pc-sdk [type="checkbox"]:checked,#onetrust-pc-sdk [type="checkbox"]:not(:che
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6e 2c 2e 6f 6e 65 74 72 75 73 74 2d 70 63 2d 64 61 72 6b 2d 66 69 6c 74 65 72 2e 6f 74 2d 66 61 64 65 2d 69 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 2e 6f 74 2d 66 61 64 65 2d 69 6e 7b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 6f 6e 65 74 72 75 73 74 2d 66 61 64 65 2d 69 6e 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 34 30 30 6d 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 2e 6f 74 2d 68 69 64 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6f 6e 65 74 72 75 73 74 2d 70 63 2d 64 61 72 6b 2d 66 69 6c 74 65 72 2e 6f 74 2d 68 69 64 65 7b 64 69 73 70 6c 61 79 3a
                                                                                                                                                                                                                                                                                              Data Ascii: n,.onetrust-pc-dark-filter.ot-fade-in,#onetrust-banner-sdk.ot-fade-in{animation-name:onetrust-fade-in;animation-duration:400ms;animation-timing-function:ease-in-out}#onetrust-pc-sdk.ot-hide{display:none !important}.onetrust-pc-dark-filter.ot-hide{display:
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 69 74 6c 65 3e 73 70 61 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 75 73 65 72 69 64 2d 74 69 6d 65 73 74 61 6d 70 3e 73 70 61 6e 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 75 73 65 72 69 64 2d 64 65 73 63 7b 66 6f 6e 74 2d 73 74 79 6c 65 3a 69 74 61 6c 69 63 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 68 6f 73 74 2d 64 65 73 63 20 61 7b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 69 6e 69 74 69 61 6c 7d 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 76 65 6e 2d 68 64 72 3e 70 20 61 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7a 2d 69 6e 64 65 78 3a 32 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 69 6e 69
                                                                                                                                                                                                                                                                                              Data Ascii: itle>span,#onetrust-pc-sdk .ot-userid-timestamp>span{font-weight:700}#onetrust-pc-sdk .ot-userid-desc{font-style:italic}#onetrust-pc-sdk .ot-host-desc a{pointer-events:initial}#onetrust-pc-sdk .ot-ven-hdr>p a{position:relative;z-index:2;pointer-events:ini
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 74 6f 67 67 6c 65 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 74 2d 63 6f 6e 74 65 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 23 6f 74 2d 70 63 2d 63 6f 6e 74 65 6e 74 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 64 69 76 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 73 70 61 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 31 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 32 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 68 33 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20
                                                                                                                                                                                                                                                                                              Data Ascii: nt,#onetrust-banner-sdk .ot-toggle,#onetrust-banner-sdk #ot-content,#onetrust-banner-sdk #ot-pc-content,#onetrust-banner-sdk .checkbox,#onetrust-pc-sdk div,#onetrust-pc-sdk span,#onetrust-pc-sdk h1,#onetrust-pc-sdk h2,#onetrust-pc-sdk h3,#onetrust-pc-sdk
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 74 64 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 74 62 6f 64 79 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 6d 61 69 6e 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 74 6f 67 67 6c 65 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 23 6f 74 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 23 6f 74 2d 70 63 2d 63 6f 6e 74 65 6e 74 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 63 68 65 63 6b 62 6f 78 2c 23 6f 74 2d 73 79 6e 63 2d 6e 74 66 79 20 64 69 76 2c 23 6f 74 2d 73 79 6e 63 2d 6e
                                                                                                                                                                                                                                                                                              Data Ascii: ot-sdk-cookie-policy td,#ot-sdk-cookie-policy tbody,#ot-sdk-cookie-policy .ot-main-content,#ot-sdk-cookie-policy .ot-toggle,#ot-sdk-cookie-policy #ot-content,#ot-sdk-cookie-policy #ot-pc-content,#ot-sdk-cookie-policy .checkbox,#ot-sync-ntfy div,#ot-sync-n
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 61 6e 6e 65 72 2d 73 64 6b 20 6c 61 62 65 6c 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 62 65 66 6f 72 65 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 6c 61 62 65 6c 3a 62 65 66 6f 72 65 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 6c 61 62 65 6c 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 61 66 74 65 72 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 63 68 65 63 6b 62 6f 78 3a 62 65 66 6f 72 65 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 6c 61 62 65 6c 3a 62 65 66 6f
                                                                                                                                                                                                                                                                                              Data Ascii: anner-sdk label:after,#onetrust-banner-sdk .checkbox:after,#onetrust-banner-sdk .checkbox:before,#onetrust-pc-sdk label:before,#onetrust-pc-sdk label:after,#onetrust-pc-sdk .checkbox:after,#onetrust-pc-sdk .checkbox:before,#ot-sdk-cookie-policy label:befo
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 2c 23 6f 6e 65 74 72 75 73 74 2d 70 63 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 2c 23 6f 74 2d 73 64 6b 2d 63 6f 6f 6b 69 65 2d 70 6f 6c 69 63 79 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 34 25 7d 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 6f 6e 65 74 72 75 73 74 2d 62 61 6e 6e 65 72 2d 73 64 6b 20 2e 6f 74 2d 73 64 6b 2d 63 6f 6c 75 6d 6e 73
                                                                                                                                                                                                                                                                                              Data Ascii: .ot-sdk-columns,#onetrust-pc-sdk .ot-sdk-column,#onetrust-pc-sdk .ot-sdk-columns,#ot-sdk-cookie-policy .ot-sdk-column,#ot-sdk-cookie-policy .ot-sdk-columns{margin-left:4%}#onetrust-banner-sdk .ot-sdk-column:first-child,#onetrust-banner-sdk .ot-sdk-columns


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              102192.168.11.205074431.13.66.194432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1315OUTGET /signals/config/2679475345708101?v=2.9.156&r=stable&domain=www.ccleaner.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: connect.facebook.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1465INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Content-Type: application/x-javascript; charset=utf-8
                                                                                                                                                                                                                                                                                              timing-allow-origin: *
                                                                                                                                                                                                                                                                                              reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                                                                                              report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                                                                                              content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
                                                                                                                                                                                                                                                                                              document-policy: force-load-at-top
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1706INData Raw: 70 65 72 6d 69 73 73 69 6f 6e 73 2d 70 6f 6c 69 63 79 3a 20 61 63 63 65 6c 65 72 6f 6d 65 74 65 72 3d 28 29 2c 20 61 74 74 72 69 62 75 74 69 6f 6e 2d 72 65 70 6f 72 74 69 6e 67 3d 28 29 2c 20 61 75 74 6f 70 6c 61 79 3d 28 29 2c 20 62 61 74 74 65 72 79 3d 28 73 65 6c 66 29 2c 20 62 6c 75 65 74 6f 6f 74 68 3d 28 29 2c 20 63 61 6d 65 72 61 3d 28 29 2c 20 63 68 2d 64 65 76 69 63 65 2d 6d 65 6d 6f 72 79 3d 28 29 2c 20 63 68 2d 64 6f 77 6e 6c 69 6e 6b 3d 28 29 2c 20 63 68 2d 64 70 72 3d 28 29 2c 20 63 68 2d 65 63 74 3d 28 29 2c 20 63 68 2d 72 74 74 3d 28 29 2c 20 63 68 2d 73 61 76 65 2d 64 61 74 61 3d 28 29 2c 20 63 68 2d 75 61 2d 61 72 63 68 3d 28 29 2c 20 63 68 2d 75 61 2d 62 69 74 6e 65 73 73 3d 28 29 2c 20 63 68 2d 76 69 65 77 70 6f 72 74 2d 68 65 69 67 68
                                                                                                                                                                                                                                                                                              Data Ascii: permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-heigh
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 2f 2a 2a 0a 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 37 2d 70 72 65 73 65 6e 74 2c 20 46 61 63 65 62 6f 6f 6b 2c 20 49 6e 63 2e 20 41 6c 6c 20 72 69 67 68 74 73 20 72 65 73 65 72 76 65 64 2e 0a 2a 0a 2a 20 59 6f 75 20 61 72 65 20 68 65 72 65 62 79 20 67 72 61 6e 74 65 64 20 61 20 6e 6f 6e 2d 65 78 63 6c 75 73 69 76 65 2c 20 77 6f 72 6c 64 77 69 64 65 2c 20 72 6f 79 61 6c 74 79 2d 66 72 65 65 20 6c 69 63 65 6e 73 65 20 74 6f 20 75 73 65 2c 0a 2a 20 63 6f 70 79 2c 20 6d 6f 64 69 66 79 2c 20 61 6e 64 20 64 69 73 74 72 69 62 75 74 65 20 74 68 69 73 20 73 6f 66 74 77 61 72 65 20 69 6e 20 73 6f 75 72 63 65 20 63 6f 64 65 20 6f 72 20 62 69 6e 61 72 79 20 66 6f 72 6d 20 66 6f 72 20 75 73 65 0a 2a 20 69 6e 20 63 6f 6e 6e 65 63 74 69 6f 6e 20 77 69
                                                                                                                                                                                                                                                                                              Data Ascii: /*** Copyright (c) 2017-present, Facebook, Inc. All rights reserved.** You are hereby granted a non-exclusive, worldwide, royalty-free license to use,* copy, modify, and distribute this software in source code or binary form for use* in connection wi
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 75 72 6e 21 30 7d 28 29 29 72 65 74 75 72 6e 3b 76 61 72 20 67 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 3a 22 40 40 69 74 65 72 61 74 6f 72 22 29 3d 3d 3d 22 73 79 6d 62 6f 6c 22 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 61 2e 63 6f 6e 73 74 72 75 63 74 6f 72 3d 3d 3d 53 79 6d 62 6f 6c 26 26 61 21 3d 3d 28 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63
                                                                                                                                                                                                                                                                                              Data Ascii: urn!0}())return;var g=typeof Symbol==="function"&&typeof (typeof Symbol==="function"?Symbol.iterator:"@@iterator")==="symbol"?function(a){return typeof a}:function(a){return a&&typeof Symbol==="function"&&a.constructor===Symbol&&a!==(typeof Symbol==="func
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3f 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 28 61 2c 62 29 3a 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 61 2c 62 29 7b 69 66 28 21 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 62 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 43 61 6e 6e 6f 74 20 63 61 6c 6c 20 61 20 63 6c 61 73 73 20 61 73 20 61 20 66 75 6e 63 74 69 6f 6e 22 29 7d 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 7c 7c 28 66 2e 5f 5f 66 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 5f 5f 66 62 65 76 65 6e 74 73 52 65 73 6f 6c 76 65 64 4d 6f 64 75 6c 65 73 3d 7b 7d 2c 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 3d
                                                                                                                                                                                                                                                                                              Data Ascii: Object.setPrototypeOf?Object.setPrototypeOf(a,b):a.__proto__=b)}function l(a,b){if(!(a instanceof b))throw new TypeError("Cannot call a class as a function")}f.__fbeventsModules||(f.__fbeventsModules={},f.__fbeventsResolvedModules={},f.getFbeventsModules=
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 61 2e 70 69 78 65 6c 3b 61 3d 61 2e 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3b 76 61 72 20 6b 3d 61 26 26 69 3d 3d 6e 75 6c 6c 3b 69 3d 63 28 7b 62 75 74 74 6f 6e 3a 65 2c 63 6f 6e 74 61 69 6e 65 72 45 6c 65 6d 65 6e 74 3a 6b 3f 68 3a 69 2c 73 68 6f 75 6c 64 45 78 74 72 61 63 74 55 73 65 72 44 61 74 61 3a 61 7d 29 3b 61 3d 64 28 29 3b 76 61 72 20 6c 3d 69 2e 66 6f 72 6d 46 69 65 6c 64 46 65 61 74 75 72 65 73 3b 69 3d 69 2e 75 73 65 72 44 61 74 61 3b 66 3d 7b 62 75 74 74 6f 6e 46 65 61 74 75 72 65 73 3a 66 2c 62 75 74 74 6f 6e 54 65 78 74 3a 67 2c 66 6f 72 6d 46 65 61 74 75 72 65 73 3a 6b 3f 5b 5d 3a 6c 2c 70 61 67 65 46 65 61 74 75 72 65 73 3a 61 2c 70 61 72 61 6d 65 74 65 72 73 3a 62 2e 74 72 69 67 67 65 72 28 7b 70 69 78 65 6c 3a
                                                                                                                                                                                                                                                                                              Data Ascii: a.pixel;a=a.shouldExtractUserData;var k=a&&i==null;i=c({button:e,containerElement:k?h:i,shouldExtractUserData:a});a=d();var l=i.formFieldFeatures;i=i.userData;f={buttonFeatures:f,buttonText:g,formFeatures:k?[]:l,pageFeatures:a,parameters:b.trigger({pixel:
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 61 28 29 2c 6b 3d 5b 5d 2c 6c 3d 7b 7d 3b 69 66 28 68 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 7b 66 6f 72 6d 46 69 65 6c 64 46 65 61 74 75 72 65 73 3a 6b 2c 75 73 65 72 44 61 74 61 3a 6c 7d 3b 68 3d 68 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 65 29 3b 66 6f 72 28 76 61 72 20 6d 3d 30 3b 6d 3c 68 2e 6c 65 6e 67 74 68 3b 6d 2b 2b 29 7b 76 61 72 20 6e 3d 68 5b 6d 5d 3b 69 66 28 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 49 6e 70 75 74 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 54 65 78 74 41 72 65 61 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 53 65 6c 65 63 74 45 6c 65 6d 65 6e 74 7c 7c 6e 20 69 6e 73 74 61 6e 63 65 6f 66 20 48 54 4d 4c 42 75 74 74 6f 6e 45 6c 65 6d 65
                                                                                                                                                                                                                                                                                              Data Ascii: a(),k=[],l={};if(h==null)return{formFieldFeatures:k,userData:l};h=h.querySelectorAll(e);for(var m=0;m<h.length;m++){var n=h[m];if(n instanceof HTMLInputElement||n instanceof HTMLTextAreaElement||n instanceof HTMLSelectElement||n instanceof HTMLButtonEleme
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 6e 74 73 5b 62 5d 3b 66 6f 72 28 76 61 72 20 64 20 69 6e 20 63 29 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 63 2c 64 29 26 26 28 61 5b 64 5d 3d 63 5b 64 5d 29 7d 72 65 74 75 72 6e 20 61 7d 2c 62 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 53 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 55 74 69 6c 73 22 29 2c 63 3d 62 2e 65 61 63 68 2c 64 3d 2f 5b 5e 5c 73 5c 22 5d 2f 2c 65 3d 2f 5b 5e 5c 73 3a 2b 5c 22 5d 2f 3b 66 75 6e 63 74 69 6f 6e 20 67 28 62 2c 63 2c 66 29 7b 69 66 28 66 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 64 2e 74 65 73 74 28 63 29 3f 63 3d 3d 3d 22 40 22 3f 6e 75 6c 6c 3a 7b 73 74 61 72 74 3a 62 2c 75 73 65 72 4f 72 44 6f 6d 61 69 6e 3a 22 75 73 65 72
                                                                                                                                                                                                                                                                                              Data Ascii: nts[b];for(var d in c)Object.prototype.hasOwnProperty.call(c,d)&&(a[d]=c[d])}return a},b=f.getFbeventsModules("SignalsFBEventsUtils"),c=b.each,d=/[^\s\"]/,e=/[^\s:+\"]/;function g(b,c,f){if(f==null)return d.test(c)?c==="@"?null:{start:b,userOrDomain:"user
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 2e 5f 72 61 74 65 4d 53 3d 63 7d 68 28 62 2c 5b 7b 6b 65 79 3a 22 5f 70 61 73 73 65 73 54 68 72 6f 74 74 6c 65 49 6d 70 6c 22 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2e 5f 6c 61 73 74 41 72 67 73 3b 69 66 28 61 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 21 30 3b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 2c 63 3d 62 2d 74 68 69 73 2e 5f 6c 61 73 74 54 69 6d 65 3b 69 66 28 63 3e 3d 74 68 69 73 2e 5f 72 61 74 65 4d 53 29 72 65 74 75 72 6e 21 30 3b 66 6f 72 28 76 61 72 20 64 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 65 3d 41 72 72 61 79 28 64 29 2c 66 3d 30 3b 66 3c 64 3b 66 2b 2b 29 65 5b 66 5d 3d 61 72 67 75 6d 65 6e 74 73 5b 66 5d 3b 69 66 28 61 2e 6c 65 6e 67 74 68 21 3d 3d 65 2e 6c 65 6e 67 74 68
                                                                                                                                                                                                                                                                                              Data Ascii: ._rateMS=c}h(b,[{key:"_passesThrottleImpl",value:function(){var a=this._lastArgs;if(a==null)return!0;var b=Date.now(),c=b-this._lastTime;if(c>=this._rateMS)return!0;for(var d=arguments.length,e=Array(d),f=0;f<d;f++)e[f]=arguments[f];if(a.length!==e.length
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 45 78 74 72 61 63 74 46 72 6f 6d 49 6e 70 75 74 73 22 29 2c 42 3d 6e 65 77 20 74 28 29 2c 43 3d 66 2e 67 65 74 46 62 65 76 65 6e 74 73 4d 6f 64 75 6c 65 73 28 22 73 69 67 6e 61 6c 73 46 42 45 76 65 6e 74 73 44 6f 41 75 74 6f 6d 61 74 69 63 4d 61 74 63 68 69 6e 67 22 29 2c 44 3d 31 30 30 3b 66 75 6e 63 74 69 6f 6e 20 45 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 62 21 3d 6e 75 6c 6c 26 26 62 2e 62 75 74 74 6f 6e 53 65 6c 65 63 74 6f 72 3d 3d 3d 22 65 78 74 65 6e 64 65 64 22 7d 66 75 6e 63 74 69 6f 6e 20 46 28 62 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 63 29 7b 69 66 28 62 2e 64 69 73 61 62 6c 65 41 75 74 6f 43 6f 6e 66 69 67 29 72 65 74 75
                                                                                                                                                                                                                                                                                              Data Ascii: .getFbeventsModules("signalsFBEventsExtractFromInputs"),B=new t(),C=f.getFbeventsModules("signalsFBEventsDoAutomaticMatching"),D=100;function E(a,b){return b!=null&&b.buttonSelector==="extended"}function F(b){return function(c){if(b.disableAutoConfig)retu
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1500INData Raw: 29 2c 63 29 2c 63 2e 65 78 74 72 61 63 74 50 49 49 3d 47 2c 65 29 2c 6a 28 63 2c 64 29 7d 72 65 74 75 72 6e 20 62 7d 28 62 29 3b 65 2e 65 78 70 6f 72 74 73 3d 6e 65 77 20 75 28 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 63 2e 6c 69 73 74 65 6e 4f 6e 63 65 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 77 28 46 28 62 29 29 3b 68 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3f 68 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 61 2c 7b 63 61 70 74 75 72 65 3a 21 30 2c 6f 6e 63 65 3a 21 31 2c 70 61 73 73 69 76 65 3a 21 30 7d 29 3a 67 2e 61 74 74 61 63 68 45 76 65 6e 74 28 22 6f 6e 63 6c 69 63 6b 22 2c 61 29 7d 29 2c 6d 2e 6c 69 73 74 65 6e 28 66 75 6e 63 74 69 6f 6e 28 61 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 47 28
                                                                                                                                                                                                                                                                                              Data Ascii: ),c),c.extractPII=G,e),j(c,d)}return b}(b);e.exports=new u(function(a,b){c.listenOnce(function(){var a=w(F(b));h.addEventListener?h.addEventListener("click",a,{capture:!0,once:!1,passive:!0}):g.attachEvent("onclick",a)}),m.listen(function(a,c,d){return G(


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              103192.168.11.2056362104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC614OUTGET /logos/static/poweredBy_ot_logo.svg HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC830INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                              Content-Length: 2998
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: LpuayL42jB78xRllx0vkOw==
                                                                                                                                                                                                                                                                                              Last-Modified: Thu, 23 May 2024 06:07:37 GMT
                                                                                                                                                                                                                                                                                              ETag: 0x8DC7AEEA55DDC3C
                                                                                                                                                                                                                                                                                              x-ms-request-id: 73ae79c4-901e-0005-3b2b-adb516000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 74075
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbad6dd707cc-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC539INData Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 33 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 37 39 2e 30 33 39 20 37 2e 33 34 36 63 30 20 31 2e 37 38 34 2d 2e 34 34 39 20 33 2e 31 38 36 2d 31 2e 33 34 36 20 34 2e 32 30 36 2d 2e 38 39 37 20 31 2e 30 32 31 2d 32 2e 31 35 32 20 31 2e 35 33 32 2d 33 2e 37 36 37 20 31 2e 35 33 32 2d 31 2e 36 34 31 20 30 2d 32 2e 39 30 35 2d 2e 35 30 35 2d 33 2e 37 39 31 2d 31 2e 35 31 33 2d 2e 38 38 37 2d 31 2e 30 30 38 2d 31 2e 33 33 35 2d 32 2e 34 32 32 2d 31 2e 33 34 36 2d 34 2e 32 34 20 30 2d 31 2e 38 31 35 2e 34 34 39 2d 33 2e 32 32 31 20 31 2e 33 34
                                                                                                                                                                                                                                                                                              Data Ascii: <svg width="136" height="16" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path d="M79.039 7.346c0 1.784-.449 3.186-1.346 4.206-.897 1.021-2.152 1.532-3.767 1.532-1.641 0-2.905-.505-3.791-1.513-.887-1.008-1.335-2.422-1.346-4.24 0-1.815.449-3.221 1.34
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 31 2e 32 33 35 20 30 2d 32 2e 31 37 33 2e 33 39 2d 32 2e 38 31 35 20 31 2e 31 37 2d 2e 36 34 32 2e 37 38 2d 2e 39 36 34 20 31 2e 39 31 35 2d 2e 39 36 34 20 33 2e 34 30 34 68 2d 2e 30 30 32 7a 6d 31 36 2e 38 39 31 20 35 2e 35 38 37 56 37 2e 35 33 35 63 30 2d 2e 36 38 2d 2e 31 35 35 2d 31 2e 31 38 38 2d 2e 34 36 36 2d 31 2e 35 32 33 2d 2e 33 31 2d 2e 33 33 36 2d 2e 37 39 35 2d 2e 35 30 34 2d 31 2e 34 35 35 2d 2e 35 30 34 2d 2e 38 37 34 20 30 2d 31 2e 35 31 34 2e 32 33 36 2d 31 2e 39 32 32 2e 37 30 38 2d 2e 34 30 37 2e 34 37 32 2d 2e 36 31 20 31 2e 32 35 31 2d 2e 36 31 20 32 2e 33 33 39 76 34 2e 33 37 38 68 2d 31 2e 32 36 35 56 34 2e 35 37 35 68 31 2e 30 32 38 6c 2e 32 30 34 20 31 2e 31 34 33 68 2e 30 36 32 61 32 2e 35 38 33 20 32 2e 35 38 33 20 30 20 30 31
                                                                                                                                                                                                                                                                                              Data Ascii: 1.235 0-2.173.39-2.815 1.17-.642.78-.964 1.915-.964 3.404h-.002zm16.891 5.587V7.535c0-.68-.155-1.188-.466-1.523-.31-.336-.795-.504-1.455-.504-.874 0-1.514.236-1.922.708-.407.472-.61 1.251-.61 2.339v4.378h-1.265V4.575h1.028l.204 1.143h.062a2.583 2.583 0 01
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1090INData Raw: 35 39 2d 31 2e 32 35 35 2d 2e 37 35 39 2d 32 2e 33 31 37 56 34 2e 35 37 35 68 31 2e 32 37 38 7a 6d 31 33 2e 37 38 31 20 36 2e 30 37 39 61 32 2e 30 39 20 32 2e 30 39 20 30 20 30 31 2d 2e 38 37 20 31 2e 37 39 37 63 2d 2e 35 37 39 2e 34 32 32 2d 31 2e 33 39 32 2e 36 33 33 2d 32 2e 34 33 37 2e 36 33 33 2d 31 2e 31 30 37 20 30 2d 31 2e 39 37 31 2d 2e 31 38 2d 32 2e 35 39 32 2d 2e 35 33 39 76 2d 31 2e 31 36 63 2e 34 31 32 2e 32 30 37 2e 38 34 35 2e 33 36 38 20 31 2e 32 39 32 2e 34 38 2e 34 33 34 2e 31 31 33 2e 38 38 2e 31 37 32 20 31 2e 33 33 2e 31 37 34 2e 35 32 36 2e 30 33 20 31 2e 30 35 31 2d 2e 30 38 20 31 2e 35 32 32 2d 2e 33 31 37 61 31 2e 30 37 36 20 31 2e 30 37 36 20 30 20 30 30 2e 31 31 2d 31 2e 37 39 38 20 36 2e 36 36 33 20 36 2e 36 36 33 20 30 20 30
                                                                                                                                                                                                                                                                                              Data Ascii: 59-1.255-.759-2.317V4.575h1.278zm13.781 6.079a2.09 2.09 0 01-.87 1.797c-.579.422-1.392.633-2.437.633-1.107 0-1.971-.18-2.592-.539v-1.16c.412.207.845.368 1.292.48.434.113.88.172 1.33.174.526.03 1.051-.08 1.522-.317a1.076 1.076 0 00.11-1.798 6.663 6.663 0 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              104192.168.11.206520834.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC254OUTData Raw: 0a fb 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3d 0a 03 3b 09 01 10 ea ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 17 08 99 3d 12 08 0a 04 48 4b 4c 4d 10 06 12 08 0a 04 48 4b 43 55 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 b8 dd cc b2 06
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557=;HealthCheckNF1(Z=HKLMHKCU`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              105192.168.11.206309864.202.112.954432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC577OUTGET /cachedClickId?marketerId=001ac0827d67b7b38319c9517e7fa2f4cc HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: tr.outbrain.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC251INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                                                                                              Content-Length: 35
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-TraceId: cd29b4966319e7871545e34c952e1d7c
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC35INData Raw: 6f 62 41 70 69 2e 73 65 74 43 61 63 68 65 64 43 6c 69 63 6b 49 64 28 22 4e 6f 43 6c 69 63 6b 49 64 22 29
                                                                                                                                                                                                                                                                                              Data Ascii: obApi.setCachedClickId("NoClickId")


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              106192.168.11.206520734.96.102.1374432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC655OUTGET /j.php?a=176159&u=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&r=0.8571105425209484 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dev.visualwebsiteoptimizer.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC429INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript; charset=UTF-8
                                                                                                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                              Cache-Control: public
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=0
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cache-Control: must-revalidate
                                                                                                                                                                                                                                                                                              server: gnv2
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC826INData Raw: 34 0d 0a 74 72 79 7b 0d 0a 63 35 36 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 43 3d 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 3b 69 66 28 61 43 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 3d 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 7c 7c 30 3b 69 66 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6a 5f 65 3d 3d 31 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 3d 22 64 75 70 43 6f 64 65 22 3b 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 73 65 74 74 69 6e 67 73 5f 74 69 6d 65 72 29 3b 69 66 28 77 69 6e 64 6f 77 2e 56 57 4f 26 26 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 26 26 77 69 6e 64 6f 77 2e 56 57 4f 2e 5f 2e 62 49 45 29 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 2e 66 69 6e 69 73 68 28 29 7d 72
                                                                                                                                                                                                                                                                                              Data Ascii: 4try{c56(function(){var aC=window._vwo_code;if(aC){window._vwo_j_e=window._vwo_j_e||0;if(window._vwo_j_e==1){window._vwo_mt="dupCode";clearTimeout(window._vwo_settings_timer);if(window.VWO&&window.VWO._&&window.VWO._.bIE){window._vwo_code.finish()}r
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1255INData Raw: 64 6f 77 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 5f 76 69 73 5f 68 65 61 74 6d 61 70 22 29 3e 2d 31 7c 7c 77 69 6e 64 6f 77 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 5f 76 69 73 5f 65 64 69 74 6f 72 22 29 3e 2d 31 7c 7c 63 63 4d 6f 64 65 7c 7c 77 69 6e 64 6f 77 2e 6e 61 6d 65 2e 69 6e 64 65 78 4f 66 28 22 5f 76 69 73 5f 70 72 65 76 69 65 77 22 29 3e 2d 31 29 7b 74 72 79 7b 20 69 66 20 28 77 69 6e 64 6f 77 2e 6e 61 6d 65 20 26 26 20 4a 53 4f 4e 2e 70 61 72 73 65 28 77 69 6e 64 6f 77 2e 6e 61 6d 65 29 29 20 7b 20 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 20 3d 20 77 69 6e 64 6f 77 2e 6e 61 6d 65 7d 20 65 6c 73 65 20 69 66 28 63 63 4d 6f 64 65 29 20 7b 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 20 3d 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65
                                                                                                                                                                                                                                                                                              Data Ascii: dow.name.indexOf("_vis_heatmap")>-1||window.name.indexOf("_vis_editor")>-1||ccMode||window.name.indexOf("_vis_preview")>-1){try{ if (window.name && JSON.parse(window.name)) { window._vwo_mt = window.name} else if(ccMode) {window._vwo_mt = decodeURICompone
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1255INData Raw: 28 73 29 7d 29 28 29 7d 7d 7d 63 61 74 63 68 28 65 29 7b 76 61 72 20 62 3d 6e 65 77 20 49 6d 61 67 65 3b 62 2e 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 64 65 76 2e 76 69 73 75 61 6c 77 65 62 73 69 74 65 6f 70 74 69 6d 69 7a 65 72 2e 63 6f 6d 2f 65 2e 67 69 66 3f 73 3d 6d 6f 64 65 5f 64 65 74 26 65 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 26 26 65 2e 73 74 61 63 6b 26 26 65 2e 73 74 61 63 6b 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 31 65 33 29 29 3b 61 43 26 26 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 63 6f 64 65 2e 66 69 6e 69 73 68 28 29 7d 7d 29 28 29 3b 69 66 28 77 69 6e 64 6f 77 2e 5f 76 77 6f 5f 6d 74 3d 3d 3d 27 6c 69 76 65 27 29 7b 5f 76 77 6f 5f 63 6f 64 65 2e 73 54 3d 5f 76 77 6f 5f 63 6f 64 65 2e 66 69 6e 69 73 68 65 64 28 29
                                                                                                                                                                                                                                                                                              Data Ascii: (s)})()}}}catch(e){var b=new Image;b.src="https://dev.visualwebsiteoptimizer.com/e.gif?s=mode_det&e="+encodeURIComponent(e&&e.stack&&e.stack.substring(0,1e3));aC&&window._vwo_code.finish()}})();if(window._vwo_mt==='live'){_vwo_code.sT=_vwo_code.finished()
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC163INData Raw: 65 6f 70 74 69 6d 69 7a 65 72 2e 63 6f 6d 2f 65 2e 67 69 66 3f 61 3d 31 37 36 31 35 39 26 73 3d 6a 2e 70 68 70 26 65 3d 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 65 20 26 26 20 65 2e 6d 65 73 73 61 67 65 20 26 26 20 65 2e 6d 65 73 73 61 67 65 2e 73 75 62 73 74 72 69 6e 67 28 30 2c 31 30 30 30 29 29 2b 22 26 75 72 6c 22 2b 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 29 7d 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                                                              Data Ascii: eoptimizer.com/e.gif?a=176159&s=j.php&e="+encodeURIComponent(e && e.message && e.message.substring(0,1000))+"&url"+encodeURIComponent(window.location.href)}0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              107192.168.11.2052760104.244.42.1954432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC807OUTGET /i/adsct?bci=3&eci=2&event_id=61ac9233-d89b-4aaa-a31e-6c699ea51558&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=3c66a34f-3701-4218-ae59-2d1b1049f2b6&tw_document_href=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o4ls7&type=javascript&version=2.3.30 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: analytics.twitter.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: personalization_id="v1_ykmy21nCg+qBjPlr+hNE+Q=="
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC400INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              date: Sun, 26 May 2024 12:44:41 GMT
                                                                                                                                                                                                                                                                                              perf: 7402827104
                                                                                                                                                                                                                                                                                              server: tsa_b
                                                                                                                                                                                                                                                                                              content-type: image/gif;charset=utf-8
                                                                                                                                                                                                                                                                                              cache-control: no-cache, no-store, max-age=0
                                                                                                                                                                                                                                                                                              content-length: 43
                                                                                                                                                                                                                                                                                              x-transaction-id: 86cba0f14e9adb95
                                                                                                                                                                                                                                                                                              strict-transport-security: max-age=631138519
                                                                                                                                                                                                                                                                                              x-response-time: 7
                                                                                                                                                                                                                                                                                              x-connection-hash: ff23129c26633a8089695fc7f0e366bf12ea7abf2d923550749e946ba3690063
                                                                                                                                                                                                                                                                                              connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 09 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 02 4c 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,L;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              108192.168.11.2064490142.251.16.1564432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC859OUTPOST /g/collect?v=2&tid=G-YG64G9XX0R&cid=915640447.1716727481&gtm=45je45m0v872524127za200zb9132702579&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5&npa=0&frm=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: test_cookie=CheckForPermission
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC450INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              109192.168.11.205842952.51.126.1014432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC542OUTGET /adalyser.js?cid=ccleaner HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: c5.adalyser.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: script
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC415INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/javascript
                                                                                                                                                                                                                                                                                              Content-Length: 33616
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-Powered-By: Express
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: origin, content-type, accept
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              P3P: CP="ADMa OUR IND DSP NON COR"
                                                                                                                                                                                                                                                                                              ETag: "163a8a8481e067a40d4ffc0815f92684b45bd3ab"
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=21600
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC15969INData Raw: 76 61 72 20 61 64 61 6c 79 73 65 72 4d 6f 64 75 6c 65 73 3d 74 72 61 63 6b 65 72 43 6f 72 65 3b 61 64 61 6c 79 73 65 72 4d 6f 64 75 6c 65 73 2e 41 64 61 6c 79 73 65 72 54 72 61 63 6b 65 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 72 29 7b 76 61 72 20 74 3d 77 69 6e 64 6f 77 3b 6d 75 74 53 74 61 74 65 3d 7b 6f 75 74 51 75 65 75 65 73 3a 5b 5d 2c 62 75 66 66 65 72 46 6c 75 73 68 65 72 73 3a 5b 5d 2c 65 78 70 69 72 65 44 61 74 65 54 69 6d 65 3a 6e 75 6c 6c 2c 68 61 73 4c 6f 61 64 65 64 3a 66 61 6c 73 65 2c 72 65 67 69 73 74 65 72 65 64 4f 6e 4c 6f 61 64 48 61 6e 64 6c 65 72 73 3a 5b 5d 7d 3b 66 75 6e 63 74 69 6f 6e 20 6e 28 29 7b 76 61 72 20 65 3b 61 64 61 6c 79 73 65 72 4d 6f 64 75 6c 65 73 2e 68 65 6c 70 65 72 73 2e 66 6f 72 45 61 63 68 28 6d 75 74 53 74 61 74
                                                                                                                                                                                                                                                                                              Data Ascii: var adalyserModules=trackerCore;adalyserModules.AdalyserTracker=function(e,r){var t=window;mutState={outQueues:[],bufferFlushers:[],expireDateTime:null,hasLoaded:false,registeredOnLoadHandlers:[]};function n(){var e;adalyserModules.helpers.forEach(mutStat
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC16379INData Raw: 2c 73 3d 69 2e 73 70 6c 69 74 28 22 2f 22 29 5b 30 5d 2c 75 3d 69 2e 73 70 6c 69 74 28 22 2f 22 29 5b 32 5d 2c 6c 3b 69 66 28 6f 2e 6c 65 6e 67 74 68 3d 3d 32 29 7b 6c 3d 50 28 6f 5b 31 5d 29 7d 76 61 72 20 63 3d 7b 7d 3b 76 61 72 20 66 2c 64 3b 76 61 72 20 70 3d 7b 73 65 74 46 72 6f 6d 50 72 65 76 69 6f 75 73 3a 66 61 6c 73 65 7d 3b 69 66 28 61 5b 22 67 63 6c 69 64 22 5d 7c 7c 61 5b 22 67 63 6c 73 72 63 22 5d 29 7b 63 2e 73 6f 3d 22 67 6f 6f 67 6c 65 22 3b 63 2e 6d 65 3d 22 63 70 63 22 3b 63 2e 67 63 6c 69 64 3d 61 5b 22 67 63 6c 69 64 22 5d 7d 65 6c 73 65 20 69 66 28 61 5b 22 75 74 6d 5f 73 6f 75 72 63 65 22 5d 29 7b 69 66 28 74 29 7b 76 61 72 20 79 3d 66 61 6c 73 65 3b 76 61 72 20 67 3d 61 5b 22 75 74 6d 5f 73 6f 75 72 63 65 22 5d 3b 66 6f 72 28 76 61
                                                                                                                                                                                                                                                                                              Data Ascii: ,s=i.split("/")[0],u=i.split("/")[2],l;if(o.length==2){l=P(o[1])}var c={};var f,d;var p={setFromPrevious:false};if(a["gclid"]||a["gclsrc"]){c.so="google";c.me="cpc";c.gclid=a["gclid"]}else if(a["utm_source"]){if(t){var y=false;var g=a["utm_source"];for(va
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC1268INData Raw: 6f 69 64 20 30 3d 3d 3d 65 2e 63 6c 6f 63 6b 73 65 71 26 26 28 6f 3d 6f 2b 31 26 31 36 33 38 33 29 2c 28 75 3c 30 7c 7c 69 3e 5f 6c 61 73 74 4d 53 65 63 73 29 26 26 76 6f 69 64 20 30 3d 3d 3d 65 2e 6e 73 65 63 73 26 26 28 73 3d 30 29 2c 73 3e 3d 31 65 34 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 75 75 69 64 2e 76 31 28 29 3a 20 43 61 6e 27 74 20 63 72 65 61 74 65 20 6d 6f 72 65 20 74 68 61 6e 20 31 30 4d 20 75 75 69 64 73 2f 73 65 63 22 29 3b 5f 6c 61 73 74 4d 53 65 63 73 3d 69 2c 5f 6c 61 73 74 4e 53 65 63 73 3d 73 2c 5f 63 6c 6f 63 6b 73 65 71 3d 6f 2c 69 2b 3d 31 32 32 31 39 32 39 32 38 65 35 3b 76 61 72 20 6c 3d 28 31 65 34 2a 28 32 36 38 34 33 35 34 35 35 26 69 29 2b 73 29 25 34 32 39 34 39 36 37 32 39 36 3b 61 5b 6e 2b 2b 5d 3d 6c 3e 3e
                                                                                                                                                                                                                                                                                              Data Ascii: oid 0===e.clockseq&&(o=o+1&16383),(u<0||i>_lastMSecs)&&void 0===e.nsecs&&(s=0),s>=1e4)throw new Error("uuid.v1(): Can't create more than 10M uuids/sec");_lastMSecs=i,_lastNSecs=s,_clockseq=o,i+=122192928e5;var l=(1e4*(268435455&i)+s)%4294967296;a[n++]=l>>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              110192.168.11.2056729142.251.167.1024432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC2161OUTPOST /g/collect?v=2&tid=G-YG64G9XX0R&gtm=45je45m0v872524127za200zb9132702579&_p=1716727477467&_gaz=1&gcs=G111&gcd=13t3t3t3t5&npa=0&dma=0&cid=915640447.1716727481&ul=en-us&sr=1920x1080&uaa=x86&uab=64&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&frm=0&pscdl=noapi&_s=1&sid=1716727481&sct=1&seg=0&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&dt=CCleaner%20v6.24.11060&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.admin_gtm_version=GTM-5HNSJRD%7C13%7Cfalse&ep.client_consent=C0001%3A1%2C%20C0003%3A1%2C%20C0002%3A1%2C%20BG232%3A1%2C%20C0004%3A1%2C%20C0005%3A1&ep.client_cid=748901336.1716727479&ep.screen_parameters=cv%3Dv6-24-11060&ep.screen_line_of_business=consumer&ep.screen_locale=en-us&ep.screen_name=en-us%20%7C%20%2Fknowledge%2Fccleaner-v6-24-11060&ep.screen_src_cookie=007_z8e&ep.screen_type=blog&ep.screen_caption=CCleaner%20v6.24.11060&ep.screen_category=blog&ep.screen_url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&ep.screen_clean_path=w [TRUNCATED]
                                                                                                                                                                                                                                                                                              Host: analytics.google.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: text/plain;charset=UTF-8
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC450INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              111192.168.11.2064770104.19.178.524432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC378OUTGET /logos/static/poweredBy_ot_logo.svg HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: cdn.cookielaw.org
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC830INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/svg+xml
                                                                                                                                                                                                                                                                                              Content-Length: 2998
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-MD5: LpuayL42jB78xRllx0vkOw==
                                                                                                                                                                                                                                                                                              Last-Modified: Thu, 23 May 2024 06:07:37 GMT
                                                                                                                                                                                                                                                                                              ETag: 0x8DC7AEEA55DDC3C
                                                                                                                                                                                                                                                                                              x-ms-request-id: 73ae79c4-901e-0005-3b2b-adb516000000
                                                                                                                                                                                                                                                                                              x-ms-version: 2009-09-19
                                                                                                                                                                                                                                                                                              x-ms-lease-status: unlocked
                                                                                                                                                                                                                                                                                              x-ms-blob-type: BlockBlob
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cache-Control: max-age=86400
                                                                                                                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                                                                                                                              Age: 74075
                                                                                                                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                                                                                                              CF-RAY: 889ddbb05f4f0780-IAD
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC539INData Raw: 3c 73 76 67 20 77 69 64 74 68 3d 22 31 33 36 22 20 68 65 69 67 68 74 3d 22 31 36 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 3c 67 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 3e 3c 70 61 74 68 20 64 3d 22 4d 37 39 2e 30 33 39 20 37 2e 33 34 36 63 30 20 31 2e 37 38 34 2d 2e 34 34 39 20 33 2e 31 38 36 2d 31 2e 33 34 36 20 34 2e 32 30 36 2d 2e 38 39 37 20 31 2e 30 32 31 2d 32 2e 31 35 32 20 31 2e 35 33 32 2d 33 2e 37 36 37 20 31 2e 35 33 32 2d 31 2e 36 34 31 20 30 2d 32 2e 39 30 35 2d 2e 35 30 35 2d 33 2e 37 39 31 2d 31 2e 35 31 33 2d 2e 38 38 37 2d 31 2e 30 30 38 2d 31 2e 33 33 35 2d 32 2e 34 32 32 2d 31 2e 33 34 36 2d 34 2e 32 34 20 30 2d 31 2e 38 31 35 2e 34 34 39 2d 33 2e 32 32 31 20 31 2e 33 34
                                                                                                                                                                                                                                                                                              Data Ascii: <svg width="136" height="16" xmlns="http://www.w3.org/2000/svg"><g fill="none"><path d="M79.039 7.346c0 1.784-.449 3.186-1.346 4.206-.897 1.021-2.152 1.532-3.767 1.532-1.641 0-2.905-.505-3.791-1.513-.887-1.008-1.335-2.422-1.346-4.24 0-1.815.449-3.221 1.34
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1369INData Raw: 31 2e 32 33 35 20 30 2d 32 2e 31 37 33 2e 33 39 2d 32 2e 38 31 35 20 31 2e 31 37 2d 2e 36 34 32 2e 37 38 2d 2e 39 36 34 20 31 2e 39 31 35 2d 2e 39 36 34 20 33 2e 34 30 34 68 2d 2e 30 30 32 7a 6d 31 36 2e 38 39 31 20 35 2e 35 38 37 56 37 2e 35 33 35 63 30 2d 2e 36 38 2d 2e 31 35 35 2d 31 2e 31 38 38 2d 2e 34 36 36 2d 31 2e 35 32 33 2d 2e 33 31 2d 2e 33 33 36 2d 2e 37 39 35 2d 2e 35 30 34 2d 31 2e 34 35 35 2d 2e 35 30 34 2d 2e 38 37 34 20 30 2d 31 2e 35 31 34 2e 32 33 36 2d 31 2e 39 32 32 2e 37 30 38 2d 2e 34 30 37 2e 34 37 32 2d 2e 36 31 20 31 2e 32 35 31 2d 2e 36 31 20 32 2e 33 33 39 76 34 2e 33 37 38 68 2d 31 2e 32 36 35 56 34 2e 35 37 35 68 31 2e 30 32 38 6c 2e 32 30 34 20 31 2e 31 34 33 68 2e 30 36 32 61 32 2e 35 38 33 20 32 2e 35 38 33 20 30 20 30 31
                                                                                                                                                                                                                                                                                              Data Ascii: 1.235 0-2.173.39-2.815 1.17-.642.78-.964 1.915-.964 3.404h-.002zm16.891 5.587V7.535c0-.68-.155-1.188-.466-1.523-.31-.336-.795-.504-1.455-.504-.874 0-1.514.236-1.922.708-.407.472-.61 1.251-.61 2.339v4.378h-1.265V4.575h1.028l.204 1.143h.062a2.583 2.583 0 01
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC1090INData Raw: 35 39 2d 31 2e 32 35 35 2d 2e 37 35 39 2d 32 2e 33 31 37 56 34 2e 35 37 35 68 31 2e 32 37 38 7a 6d 31 33 2e 37 38 31 20 36 2e 30 37 39 61 32 2e 30 39 20 32 2e 30 39 20 30 20 30 31 2d 2e 38 37 20 31 2e 37 39 37 63 2d 2e 35 37 39 2e 34 32 32 2d 31 2e 33 39 32 2e 36 33 33 2d 32 2e 34 33 37 2e 36 33 33 2d 31 2e 31 30 37 20 30 2d 31 2e 39 37 31 2d 2e 31 38 2d 32 2e 35 39 32 2d 2e 35 33 39 76 2d 31 2e 31 36 63 2e 34 31 32 2e 32 30 37 2e 38 34 35 2e 33 36 38 20 31 2e 32 39 32 2e 34 38 2e 34 33 34 2e 31 31 33 2e 38 38 2e 31 37 32 20 31 2e 33 33 2e 31 37 34 2e 35 32 36 2e 30 33 20 31 2e 30 35 31 2d 2e 30 38 20 31 2e 35 32 32 2d 2e 33 31 37 61 31 2e 30 37 36 20 31 2e 30 37 36 20 30 20 30 30 2e 31 31 2d 31 2e 37 39 38 20 36 2e 36 36 33 20 36 2e 36 36 33 20 30 20 30
                                                                                                                                                                                                                                                                                              Data Ascii: 59-1.255-.759-2.317V4.575h1.278zm13.781 6.079a2.09 2.09 0 01-.87 1.797c-.579.422-1.392.633-2.437.633-1.107 0-1.971-.18-2.592-.539v-1.16c.412.207.845.368 1.292.48.434.113.88.172 1.33.174.526.03 1.051-.08 1.522-.317a1.076 1.076 0 00.11-1.798 6.663 6.663 0 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              112192.168.11.206477234.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 265
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC265OUTData Raw: 0a 86 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 48 0a 03 3b 09 01 10 ea ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 22 08 c9 34 12 1d 0a 19 50 6e 61 63 6c 54 72 61 6e 73 6c 61 74 69 6f 6e 43 61 63 68 65 53 69 7a 65 10 00 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557H;HealthCheckNF1(Z"4PnaclTranslationCacheSize`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              113192.168.11.205746534.96.102.1374432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:42 UTC705OUTGET /v.gif?cd=0&a=176159&d=ccleaner.com&u=D081923F550B4CB6AAF1E5193B62F8035&h=93a6e56797b5efaae57550acdfcfa9cf&t=true HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dev.visualwebsiteoptimizer.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC312INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:42 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=43200
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Content-Length: 35
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              server: gnv3c
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC35INData Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              114192.168.11.2059016157.240.229.354432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC900OUTGET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&rl=&if=false&ts=1716727481468&sw=1920&sh=1080&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1716727481466.1579835487&cs_est=true&ler=empty&cdl=API_unavailable&it=1716727479766&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.facebook.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC464INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: proxygen-bolt
                                                                                                                                                                                                                                                                                              X-FB-Connection-Quality: GOOD; q=0.7, rtt=98, rtx=0, c=10, mss=1277, tbw=3403, tp=-1, tpl=-1, uplat=0, ullat=0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              115192.168.11.2053861142.251.16.1564432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC869OUTPOST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&gjid=1519295001&_gid=1588426393.1716727482&_u=YCDAgEABAAAAAGAEK~&z=1683501845 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: test_cookie=CheckForPermission
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC594INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: https://www.ccleaner.com
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Last-Modified: Sun, 17 May 1998 03:00:00 GMT
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                                                                                                                                              Content-Length: 2
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC2INData Raw: 31 67
                                                                                                                                                                                                                                                                                              Data Ascii: 1g


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              116192.168.11.206012134.96.102.1374432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC469OUTGET /v.gif?cd=0&a=176159&d=ccleaner.com&u=D081923F550B4CB6AAF1E5193B62F8035&h=93a6e56797b5efaae57550acdfcfa9cf&t=true HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: dev.visualwebsiteoptimizer.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC312INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Cache-Control: public, max-age=43200
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Content-Length: 35
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              server: gnv3c
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC35INData Raw: 47 49 46 38 39 61 01 00 01 00 80 ff 00 ff ff ff 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              117192.168.11.206539734.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 273
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC273OUTData Raw: 0a 8e 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 50 0a 03 3b 09 01 10 ea ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 2a 08 fc 44 12 0e 0a 0a 47 61 6d 65 72 53 63 6f 72 65 10 02 12 15 0a 11 47 61 6d 65 72 53 63 6f 72 65 56 65 72 73 69 6f 6e 10 04 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557P;HealthCheckNF1(Z*DGamerScoreGamerScoreVersion`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              118192.168.11.2049577157.240.229.354432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC664OUTGET /tr/?id=2679475345708101&ev=PageView&dl=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&rl=&if=false&ts=1716727481468&sw=1920&sh=1080&v=2.9.156&r=stable&ec=0&o=4126&fbp=fb.1.1716727481466.1579835487&cs_est=true&ler=empty&cdl=API_unavailable&it=1716727479766&coo=false&dpo=&tm=1&rqm=GET HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.facebook.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC464INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin:
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                                                                                                                                                                                              cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: proxygen-bolt
                                                                                                                                                                                                                                                                                              X-FB-Connection-Quality: GOOD; q=0.7, rtt=98, rtx=0, c=10, mss=1277, tbw=3403, tp=-1, tpl=-1, uplat=0, ullat=0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 0


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              119192.168.11.204967752.51.126.1014432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC1320OUTGET /tracking/track/v3/p?stm=1716727481819&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cid=ccleaner&p=%7B%22et%22%3A1716727481817%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%222984c0b8-a202-426f-acaf-a7b3c00a6ad1%22%2C%22duid%22%3A%22a7ceef44-86b5-48d2-9097-d36dffbdb759%22%2C%22cw%22%3A1716727481817%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F94.0.4606.61%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: c5.adalyser.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC430INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Length: 43
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-Powered-By: Express
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: origin, content-type, accept
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              P3P: CP="ADMa OUR IND DSP NON COR"
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              ETag: W/"2b-B//0C13UlayirE4cP7xgqg"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              120192.168.11.2063463142.251.16.1564432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC617OUTGET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&gjid=1519295001&_gid=1588426393.1716727482&_u=YCDAgEABAAAAAGAEK~&z=1683501845 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: stats.g.doubleclick.net
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: test_cookie=CheckForPermission
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC531INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Last-Modified: Sun, 17 May 1998 03:00:00 GMT
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Server: Golfe2
                                                                                                                                                                                                                                                                                              Content-Length: 2
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC2INData Raw: 31 67
                                                                                                                                                                                                                                                                                              Data Ascii: 1g


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              121192.168.11.2030680142.251.16.105443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC830OUTGET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&_u=YCDAgEABAAAAAGAEK~&z=403242574 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              sec-ch-ua: "Chromium";v="94", "Google Chrome";v="94", ";Not A Brand";v="99"
                                                                                                                                                                                                                                                                                              sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                                                                                              Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: image
                                                                                                                                                                                                                                                                                              Referer: https://www.ccleaner.com/
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC539INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cafe
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              122192.168.11.205544434.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 342
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC342OUTData Raw: 0a d3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 94 01 0a 03 3b 04 01 10 ec ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 6e 0a 1e 48 65 61 6c 74 68 43 68 65 63 6b 2f 4f 6e 62 6f 61 72 64 69 6e 67 2f 57 65 6c 63 6f 6d 65 12 1e 48 65 61 6c 74 68 43 68 65 63 6b 2f 4f 6e 62 6f 61 72 64 69 6e 67 2f 57 65 6c 63 6f 6d 65 1a 0a 08 80 f7 c9 b2 06 10 02 18 01 2a 09 08 00 10 00 1a 03 31 2d 61 32 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZnHealthCheck/Onboarding/WelcomeHealthCheck/Onboarding/Welcome*1-a2mmm_ccl_003_999_a8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:43 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              123192.168.11.2054861142.251.16.1054432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:43 UTC594OUTGET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-69441-21&cid=915640447.1716727481&jid=872880649&_u=YCDAgEABAAAAAGAEK~&z=403242574 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: www.google.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              X-Client-Data: CI+2yQEIorbJAQipncoBCJahywEI7/LLAQjLicwB
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              Cookie: CONSENT=YES+srp.gws-20210811-0-RC2.en+FX+979
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC539INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
                                                                                                                                                                                                                                                                                              Timing-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:44 GMT
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Server: cafe
                                                                                                                                                                                                                                                                                              Content-Length: 42
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 0
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC42INData Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 01 44 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              124192.168.11.206249852.51.126.1014432344C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC1084OUTGET /tracking/track/v3/p?stm=1716727481819&e=lce1&url=https%3A%2F%2Fwww.ccleaner.com%2Fknowledge%2Fccleaner-v6-24-11060%3Fcv%3Dv6-24-11060&cid=ccleaner&p=%7B%22et%22%3A1716727481817%2C%22nr%22%3A%22New%22%2C%22cg%22%3A%22Direct%22%2C%22dt%22%3A%22desktop%22%2C%22so%22%3A%22direct%22%2C%22me%22%3A%22none%22%2C%22ca%22%3A%22direct%22%2C%22co%22%3A%22(not%20set)%22%2C%22ke%22%3A%22(not%20set)%22%2C%22vid%22%3A%221%22%2C%22sid%22%3A%222984c0b8-a202-426f-acaf-a7b3c00a6ad1%22%2C%22duid%22%3A%22a7ceef44-86b5-48d2-9097-d36dffbdb759%22%2C%22cw%22%3A1716727481817%7D&userAgent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F94.0.4606.61%20Safari%2F537.36&domain=www.ccleaner.com HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: c5.adalyser.com
                                                                                                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                              Sec-Fetch-Mode: cors
                                                                                                                                                                                                                                                                                              Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                              Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                              Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC430INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:44 GMT
                                                                                                                                                                                                                                                                                              Content-Type: image/gif
                                                                                                                                                                                                                                                                                              Content-Length: 43
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              X-Powered-By: Express
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Headers: origin, content-type, accept
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Credentials: true
                                                                                                                                                                                                                                                                                              P3P: CP="ADMa OUR IND DSP NON COR"
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              ETag: W/"2b-B//0C13UlayirE4cP7xgqg"
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC43INData Raw: 47 49 46 38 39 61 01 00 01 00 f0 00 00 00 00 00 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
                                                                                                                                                                                                                                                                                              Data Ascii: GIF89a!,D;


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              125192.168.11.204923934.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 ec ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:44 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              126192.168.11.206414640.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:45 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:44 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4304
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:45 UTC4304INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              127192.168.11.204418734.117.223.223443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 342
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:44 UTC342OUTData Raw: 0a d3 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 94 01 0a 03 3b 04 01 10 f0 ba 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 6e 0a 1e 50 6f 70 75 70 2f 70 6f 73 74 69 6e 73 74 61 6c 6c 2f 67 65 74 74 69 6e 67 72 65 61 64 79 12 1e 50 6f 70 75 70 2f 70 6f 73 74 69 6e 73 74 61 6c 6c 2f 67 65 74 74 69 6e 67 72 65 61 64 79 1a 0a 08 80 f7 c9 b2 06 10 02 18 01 2a 09 08 00 10 00 1a 03 31 2d 61 32 15 6d 6d 6d 5f 63 63 6c 5f 30 30 33 5f 39 39 39 5f 61 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557;HealthCheckNF1(ZnPopup/postinstall/gettingreadyPopup/postinstall/gettingready*1-a2mmm_ccl_003_999_a8
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:45 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:45 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:45 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              128192.168.11.205158034.117.223.223443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC188OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 349
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC349OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 75 8f bb 4a c3 50 18 80 9b 7a a1 44 c1 52 c1 41 1c 7e 8a 43 2a 4d 3c 27 3d d7 2d 97 26 46 a5 58 62 0b e2 64 db 1c b1 36 b4 e0 05 54 1c c4 cd 47 10 9d 7c 04 27 11 1f c1 c1 d1 45 9d 74 72 70 e8 03 58 dc 5d 3f f8 e0 fb f4 af ac de f7 9c 40 04 c4 a7 55 9f 23 26 42 5c e5 2e 0d 31 11 d4 0e 82 c0 c3 5c 84 ae f0 a8 ac 50 11 32 9f 48 9f 72 ec 22 ce 5c 84 64 c8 3d 1e 10 b9 b6 48 3b 9c 26 52 50 93 b6 c8 ae 49 ec 0a 36 db 52 32 93 a3 76 d2 96 88 25 94 f2 4b 2d 73 a7 65 0a 37 9a 9e 5d d0 f2 ef 8f d7 9f d3 c6 c7 d8 f6 95 a6 cf 35 06 e0 29 08 bb 69 aa 12 f0 4e 61 c3 0a ac 9a 55 f8 87 cf 1b ab fd 23 95 1a 71 09 fc c1 81 32 1a b5 12 74 a5 29 25 42 eb e0 d7 9b e0 40 c5 62 68 25 3a 83 97 d7 e1 70 62 49 77 37 e3 41 a7 17 b7 3a 3d 7b ea cf 85 51
                                                                                                                                                                                                                                                                                              Data Ascii: uJPzDRA~C*M<'=-&FXbd6TG|'EtrpX]?@U#&B\.1\P2Hr"\d=H;&RPI6R2v%K-se7]5)iNaU#q2t)%B@bh%:pbIw7A:={Q
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:46 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              129192.168.11.205522434.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC195OUTPOST /v4/receive/gpb HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 1341
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC1341OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a b5 57 4d 6c 1b 45 14 f6 a6 4d e2 6c ac 36 75 9b d8 31 29 1a 55 08 4d 11 5e cd cc fe 73 a8 e2 f5 0f 09 a4 8d 69 0a ad 40 40 d7 f6 b8 5d 62 ef 5a eb 4d 93 14 71 e1 e7 82 84 84 04 b4 81 72 28 48 a8 a8 97 8a f6 44 b9 71 a2 6a 2f f4 8e 2a 71 6b 05 02 b5 48 1c 38 c0 ec da ae 9d 26 f1 d2 22 7c 1a cf fb de f7 bd 79 ef ed ce 5b fe 5a 8a 1f 8d be 36 c6 25 6f 7f 71 f5 c2 5f 38 fe 06 ff 84 5c 56 e5 8a ae c9 69 d9 94 aa 69 89 88 38 5d d2 75 25 ad a2 52 a5 a4 23 a5 22 cb 6a 7c 3a af e5 a5 ac 9c cb aa 48 d1 0a 38 a7 66 e4 02 96 34 99 e4 f3 79 03 ab 5a 21 a3 19 b2 2e ca 5a 41 c9 4a 7a 56 56 71 06 a9 4a 06 21 bd a0 1a 6a 5e d2 9f 8a a4 76 47 4f 8e 45 08 af 08 44 12 30 46 0a 9a fe 7d fb be c7 a3 5c 7c 3b 46 02 4a 0d 62 1d 49 04 7c 30 02 07 9e
                                                                                                                                                                                                                                                                                              Data Ascii: WMlEMl6u1)UM^si@@]bZMqr(HDqj/*qkH8&"|y[Z6%oq_8\Vii8]u%R#"j|:H8f4yZ!.ZAJzVVqJ!j^vGOED0F}\|;FJbI|0
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC223INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:46 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 2
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:46 UTC2INData Raw: 08 01
                                                                                                                                                                                                                                                                                              Data Ascii:


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              130192.168.11.205522534.111.24.14435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC898OUTGET /?action=1&p_elm=0&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=0&p_sols=0&p_pts=0&p_ftc=0&p_btc=0&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:47 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:47 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:44:47 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              131192.168.11.205522640.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:47 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:47 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              132192.168.11.205522740.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:50 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:50 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:50 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:50 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:50 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              133192.168.11.205522840.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:53 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:53 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:53 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:52 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:53 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              134192.168.11.205522940.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:55 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:55 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:56 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:55 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:56 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              135192.168.11.205523040.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:58 UTC449OUTPOST /TrafficShaping/ContentRegulationV2.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2/GetContentRegulationV2Information"
                                                                                                                                                                                                                                                                                              Content-Length: 8927
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:58 UTC8927OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:GetContentRegulationV2Information xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegula
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:58 UTC211INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:44:58 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 4305
                                                                                                                                                                                                                                                                                              2024-05-26 12:44:58 UTC4305INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 22 3e 3c 47 65 74 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 56 32 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetContentRegulationV2InformationResponse xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulationV2"><GetContentRegulationV2InformationResult xmlns:a="http://www.mi


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              136192.168.11.205523120.190.190.195443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:00 UTC420OUTPOST /RST2.srf HTTP/1.0
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/soap+xml
                                                                                                                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19042.0.0; IDCRL-cfg 16.000.29143.3; App svchost.exe, 10.0.19041.546, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                                                                                                                                                                                              Content-Length: 4704
                                                                                                                                                                                                                                                                                              Host: login.live.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:00 UTC4704OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:00 UTC569INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: no-store, no-cache
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: application/soap+xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Expires: Sun, 26 May 2024 12:44:00 GMT
                                                                                                                                                                                                                                                                                              P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                                                                                                                                                                                              Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                                                                                                                                                                                              x-ms-route-info: C544_SN1
                                                                                                                                                                                                                                                                                              x-ms-request-id: ebc6ab25-5b72-453e-8c5b-4c52883f920c
                                                                                                                                                                                                                                                                                              PPServer: PPV: 30 H: SN1PEPF0002F9A1 V: 0
                                                                                                                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                                                              Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:00 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 10665
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:00 UTC10665INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                                                                                                                                                                                              Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              137192.168.11.205523234.117.223.223443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 254
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC254OUTData Raw: 0a fb 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3d 0a 03 3b 09 01 10 a4 bb 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 17 08 99 3d 12 08 0a 04 48 4b 4c 4d 10 06 12 08 0a 04 48 4b 43 55 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 d2 dd cc b2 06
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557=;HealthCheckNF1(Z=HKLMHKCU`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:08 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              138192.168.11.205523434.117.223.2234432752C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 265
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC265OUTData Raw: 0a 86 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 48 0a 03 3b 09 01 10 a4 bb 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 22 08 c9 34 12 1d 0a 19 50 6e 61 63 6c 54 72 61 6e 73 6c 61 74 69 6f 6e 43 61 63 68 65 53 69 7a 65 10 00 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557H;HealthCheckNF1(Z"4PnaclTranslationCacheSize`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:08 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              139192.168.11.206489434.149.202.126443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC158OUTPOST /api/v1/scanDrivers/ HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              User-Agent: DriverUpdater/23.4.4927.0
                                                                                                                                                                                                                                                                                              Content-Length: 8461
                                                                                                                                                                                                                                                                                              Host: driver-updater.ff.avast.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC8461OUTData Raw: 0a 16 08 0a 10 00 18 e2 94 01 20 01 28 80 80 fc 99 c1 80 c0 0b 30 cd 02 12 da 01 08 00 1a 05 49 4e 54 45 4c 22 05 49 4e 54 45 4c 2a 2c 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 26 53 55 42 53 59 53 5f 41 33 33 38 31 38 34 39 26 52 45 56 5f 46 30 2a 25 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 26 53 55 42 53 59 53 5f 41 33 33 38 31 38 34 39 2a 1f 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 26 43 43 5f 30 36 30 34 30 30 2a 1d 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 26 43 43 5f 30 36 30 34 32 1c 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 26 52 45 56 5f 46 30 32 15 50 43 49 5c 56 45 4e 5f 38 30 38 36 26 44 45 56 5f 41 33 33 38 12 da 01 08 01 1a 05 49 4e 54
                                                                                                                                                                                                                                                                                              Data Ascii: (0INTEL"INTEL*,PCI\VEN_8086&DEV_A338&SUBSYS_A3381849&REV_F0*%PCI\VEN_8086&DEV_A338&SUBSYS_A3381849*PCI\VEN_8086&DEV_A338&CC_060400*PCI\VEN_8086&DEV_A338&CC_06042PCI\VEN_8086&DEV_A338&REV_F02PCI\VEN_8086&DEV_A338INT
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC228INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:08 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 136735
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1027INData Raw: 0a f4 02 08 00 12 b2 01 0a 08 31 30 2e 31 2e 31 2e 37 12 0a 32 30 31 35 2d 30 36 2d 31 36 18 81 c0 fc 07 22 12 30 30 2f 31 33 2f 31 33 2f 30 36 2f 33 30 2e 7a 69 70 2a 40 36 37 39 36 37 32 61 37 64 32 33 34 63 33 36 33 37 63 33 32 62 35 32 63 65 61 32 30 63 35 38 65 33 63 66 64 64 39 33 34 63 38 37 65 37 63 32 61 34 62 35 39 66 32 37 34 37 35 30 38 38 39 64 34 32 16 63 61 6e 6e 6f 6e 6c 61 6b 65 2d 68 73 79 73 74 65 6d 2e 69 6e 66 3a 05 49 4e 54 45 4c 42 05 49 4e 54 45 4c 48 81 fe 03 50 ad ed b6 9b 06 58 86 b7 a1 06 60 00 6a 02 48 50 72 02 22 22 7a 00 12 ba 01 0a 09 31 30 2e 31 2e 31 36 2e 37 12 0a 32 30 31 39 2d 30 31 2d 31 30 18 81 c0 fc 07 22 12 30 30 2f 31 33 2f 31 34 2f 31 34 2f 35 36 2e 7a 69 70 2a 40 66 36 37 32 64 37 36 65 61 61 32 38 31 34 31 64
                                                                                                                                                                                                                                                                                              Data Ascii: 10.1.1.72015-06-16"00/13/13/06/30.zip*@679672a7d234c3637c32b52cea20c58e3cfdd934c87e7c2a4b59f274750889d42cannonlake-hsystem.inf:INTELBINTELHPX`jHPr""z10.1.16.72019-01-10"00/13/14/14/56.zip*@f672d76eaa28141d
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC222INData Raw: 36 63 35 63 62 65 66 31 65 34 35 32 62 33 30 65 63 66 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49 6e 74 65 6c 42 05 49 6e 74 65 6c 48 81 fe 03 50 d0 f5 ad c6 05 58 fa e1 e3 05 60 00 6a 05 41 4f 50 45 4e 72 02 22 22 7a 00 12 ab 01 0a 0a 32 33 31 36 2e 35 2e 30 2e 30 12 0a 32 30 32 33 2d 30 34 2d 31 38 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 33 36 2f 32 31 2f 35 34 2e 7a 69 70 2a 40 31 36 62 39 33 37 62 35 65 65 34 64 38 64 65 34 38 39 65 63 31 38 32 36 30 35 61 64 66 66 66 30 32 30 37 36 31 32 65 61 31 61 30 37 61 38 31 35 61 39 62 38 62 30 35 66 39 35 31 30 35 65 38 30 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49 6e 74 65 6c 42 05 49 6e 74 65 6c 48 81 fe 03 50 f1
                                                                                                                                                                                                                                                                                              Data Ascii: 6c5cbef1e452b30ecf2mesrl.inf:IntelBIntelHPX`jAOPENr""z2316.5.0.02023-04-18"00/12/36/21/54.zip*@16b937b5ee4d8de489ec182605adfff0207612ea1a07a815a9b8b05f95105e802mesrl.inf:IntelBIntelHP
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: b8 df d1 05 58 aa c3 f2 05 60 00 6a 06 41 53 52 4f 43 4b 72 02 22 22 7a 00 12 a9 01 0a 0a 32 32 35 31 2e 34 2e 31 2e 30 12 0a 32 30 32 32 2d 31 32 2d 31 31 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 32 36 2f 39 36 2f 36 30 2e 7a 69 70 2a 40 30 33 64 36 38 35 65 35 36 64 38 62 36 65 61 30 36 30 37 30 32 35 30 35 30 30 30 32 35 61 33 33 32 64 66 36 61 39 38 36 30 61 32 38 37 36 64 34 33 39 36 32 39 38 36 63 65 64 36 37 64 62 38 34 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49 6e 74 65 6c 42 05 49 6e 74 65 6c 48 81 fe 03 50 93 ea ad ca 05 58 dc f0 ec 05 60 00 6a 04 41 53 55 53 72 02 22 22 7a 00 12 aa 01 0a 0a 32 33 31 36 2e 35 2e 30 2e 30 12 0a 32 30 32 33 2d 30 34 2d 31 38 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 33 36 2f 32 31 2f 35 34 2e 7a 69 70 2a 40 31 36 62 39
                                                                                                                                                                                                                                                                                              Data Ascii: X`jASROCKr""z2251.4.1.02022-12-11"00/12/26/96/60.zip*@03d685e56d8b6ea06070250500025a332df6a9860a2876d43962986ced67db842mesrl.inf:IntelBIntelHPX`jASUSr""z2316.5.0.02023-04-18"00/12/36/21/54.zip*@16b9
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: 30 32 32 2d 30 31 2d 31 30 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 31 31 2f 34 35 2f 31 36 2e 7a 69 70 2a 40 37 35 35 32 32 32 64 39 61 39 30 66 32 66 64 66 38 37 36 63 33 34 33 31 33 62 66 34 62 37 32 30 64 30 63 35 36 65 38 39 66 62 37 34 36 32 35 39 31 61 36 30 31 32 32 38 62 63 34 34 63 63 34 30 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49 6e 74 65 6c 42 05 49 6e 74 65 6c 48 81 fe 03 50 96 f5 86 c5 05 58 d4 b4 e3 05 60 00 6a 07 4b 4f 4e 54 52 4f 4e 72 02 22 22 7a 00 12 ab 01 0a 0a 32 33 31 36 2e 35 2e 30 2e 30 12 0a 32 30 32 33 2d 30 34 2d 31 38 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 33 36 2f 32 31 2f 35 34 2e 7a 69 70 2a 40 31 36 62 39 33 37 62 35 65 65 34 64 38 64 65 34 38 39 65 63 31 38 32 36 30 35 61 64 66 66 66 30 32 30 37 36 31 32 65 61 31 61 30 37
                                                                                                                                                                                                                                                                                              Data Ascii: 022-01-10"00/12/11/45/16.zip*@755222d9a90f2fdf876c34313bf4b720d0c56e89fb7462591a601228bc44cc402mesrl.inf:IntelBIntelHPX`jKONTRONr""z2316.5.0.02023-04-18"00/12/36/21/54.zip*@16b937b5ee4d8de489ec182605adfff0207612ea1a07
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: 30 33 64 36 38 35 65 35 36 64 38 62 36 65 61 30 36 30 37 30 32 35 30 35 30 30 30 32 35 61 33 33 32 64 66 36 61 39 38 36 30 61 32 38 37 36 64 34 33 39 36 32 39 38 36 63 65 64 36 37 64 62 38 34 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49 6e 74 65 6c 42 05 49 6e 74 65 6c 48 81 fe 03 50 93 ea ad ca 05 58 dc f0 ec 05 60 00 6a 09 50 41 4e 41 53 4f 4e 49 43 72 02 22 22 7a 00 12 aa 01 0a 0a 32 32 35 31 2e 34 2e 31 2e 30 12 0a 32 30 32 32 2d 31 32 2d 31 31 18 83 80 fc 07 22 12 30 30 2f 31 32 2f 32 36 2f 39 36 2f 36 30 2e 7a 69 70 2a 40 30 33 64 36 38 35 65 35 36 64 38 62 36 65 61 30 36 30 37 30 32 35 30 35 30 30 30 32 35 61 33 33 32 64 66 36 61 39 38 36 30 61 32 38 37 36 64 34 33 39 36 32 39 38 36 63 65 64 36 37 64 62 38 34 32 09 6d 65 73 72 6c 2e 69 6e 66 3a 05 49
                                                                                                                                                                                                                                                                                              Data Ascii: 03d685e56d8b6ea06070250500025a332df6a9860a2876d43962986ced67db842mesrl.inf:IntelBIntelHPX`jPANASONICr""z2251.4.1.02022-12-11"00/12/26/96/60.zip*@03d685e56d8b6ea06070250500025a332df6a9860a2876d43962986ced67db842mesrl.inf:I
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC331INData Raw: 36 33 36 36 38 30 33 32 31 33 34 36 64 62 65 33 34 64 38 36 36 39 64 37 62 39 31 39 62 31 64 36 61 63 66 38 39 30 39 32 15 69 61 4c 50 53 53 32 5f 55 41 52 54 32 5f 43 4e 4c 2e 69 6e 66 3a 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 42 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 48 81 fe 03 50 ba ef 8e c5 05 58 eb b5 e3 05 60 00 6a 04 41 43 45 52 72 02 22 22 7a 00 12 cb 01 0a 0c 35 2e 31 32 33 2e 31 2e 31 30 32 35 12 0a 32 30 32 31 2d 31 32 2d 32 30 18 81 c0 fc 07 22 12 30 30 2f 31 32 2f 31 36 2f 35 33 2f 33 39 2e 7a 69 70 2a 40 32 39 39 33 61 34 38 39 38 32 65 66 38 30 63 38 64 32 30 63 38 66 32 30 36 63 35 34 35 66 63 31 66 30 64 31 66 33 31 33 62 38 61 32 65 62 64 33 38 36 34 35 65 63 35 33 35 37 63 37 62 38 34 64 32 11 69 61 4c 50
                                                                                                                                                                                                                                                                                              Data Ascii: 636680321346dbe34d8669d7b919b1d6acf89092iaLPSS2_UART2_CNL.inf:Intel CorporationBIntel CorporationHPX`jACERr""z5.123.1.10252021-12-20"00/12/16/53/39.zip*@2993a48982ef80c8d20c8f206c545fc1f0d1f313b8a2ebd38645ec5357c7b84d2iaLP
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: 22 22 7a 00 12 d1 01 0a 0d 33 30 2e 31 30 30 2e 32 30 32 30 2e 37 12 0a 32 30 32 30 2d 30 35 2d 31 32 18 81 c0 fc 07 22 12 30 30 2f 31 32 2f 31 31 2f 34 36 2f 36 37 2e 7a 69 70 2a 40 31 63 32 36 39 66 65 36 31 63 37 61 62 65 63 66 65 65 33 61 33 33 39 61 31 36 33 36 36 38 30 33 32 31 33 34 36 64 62 65 33 34 64 38 36 36 39 64 37 62 39 31 39 62 31 64 36 61 63 66 38 39 30 39 32 15 69 61 4c 50 53 53 32 5f 55 41 52 54 32 5f 43 4e 4c 2e 69 6e 66 3a 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 42 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 48 81 fe 03 50 ba ef 8e c5 05 58 eb b5 e3 05 60 00 6a 05 43 4c 45 56 4f 72 02 22 22 7a 00 12 d0 01 0a 0d 33 30 2e 31 30 30 2e 32 31 33 32 2e 32 12 0a 32 30 32 31 2d 30 38 2d 30 32 18 81 c0 fc 07 22 12 30 30
                                                                                                                                                                                                                                                                                              Data Ascii: ""z30.100.2020.72020-05-12"00/12/11/46/67.zip*@1c269fe61c7abecfee3a339a1636680321346dbe34d8669d7b919b1d6acf89092iaLPSS2_UART2_CNL.inf:Intel CorporationBIntel CorporationHPX`jCLEVOr""z30.100.2132.22021-08-02"00
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: 05 60 00 6a 05 49 4e 54 45 4c 72 02 22 22 7a 00 12 d3 01 0a 0d 33 30 2e 31 30 30 2e 31 39 31 35 2e 31 12 0a 32 30 31 39 2d 30 34 2d 30 38 18 81 c0 fc 07 22 12 30 30 2f 31 32 2f 31 31 2f 38 39 2f 39 32 2e 7a 69 70 2a 40 37 33 34 36 31 66 34 63 65 36 37 39 62 37 36 38 61 33 32 36 38 33 38 35 31 34 31 65 35 34 31 38 66 34 36 66 31 64 64 37 36 36 35 65 65 39 34 64 65 36 64 33 32 34 63 38 61 30 36 63 35 36 39 65 32 15 69 61 4c 50 53 53 32 5f 55 41 52 54 32 5f 43 4e 4c 2e 69 6e 66 3a 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 42 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 48 81 fe 03 50 ab a5 8d c6 05 58 d0 d7 e3 05 60 00 6a 07 4b 4f 4e 54 52 4f 4e 72 02 22 22 7a 00 12 cd 01 0a 0c 35 2e 31 32 33 2e 31 2e 31 30 32 35 12 0a 32 30 32 31 2d 31
                                                                                                                                                                                                                                                                                              Data Ascii: `jINTELr""z30.100.1915.12019-04-08"00/12/11/89/92.zip*@73461f4ce679b768a3268385141e5418f46f1dd7665ee94de6d324c8a06c569e2iaLPSS2_UART2_CNL.inf:Intel CorporationBIntel CorporationHPX`jKONTRONr""z5.123.1.10252021-1
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC1255INData Raw: 74 69 6f 6e 48 81 fe 03 50 de d7 a5 c6 05 58 b1 df e3 05 60 00 6a 04 4d 59 53 4e 72 02 22 22 7a 00 12 d1 01 0a 0d 33 30 2e 31 30 30 2e 32 30 32 30 2e 37 12 0a 32 30 32 30 2d 30 35 2d 31 32 18 81 c0 fc 07 22 12 30 30 2f 31 32 2f 31 31 2f 34 36 2f 36 37 2e 7a 69 70 2a 40 31 63 32 36 39 66 65 36 31 63 37 61 62 65 63 66 65 65 33 61 33 33 39 61 31 36 33 36 36 38 30 33 32 31 33 34 36 64 62 65 33 34 64 38 36 36 39 64 37 62 39 31 39 62 31 64 36 61 63 66 38 39 30 39 32 15 69 61 4c 50 53 53 32 5f 55 41 52 54 32 5f 43 4e 4c 2e 69 6e 66 3a 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 42 11 49 6e 74 65 6c 20 43 6f 72 70 6f 72 61 74 69 6f 6e 48 81 fe 03 50 ba ef 8e c5 05 58 eb b5 e3 05 60 00 6a 05 4e 45 58 4f 43 72 02 22 22 7a 00 12 d5 01 0a 0d 33 30 2e 31 30
                                                                                                                                                                                                                                                                                              Data Ascii: tionHPX`jMYSNr""z30.100.2020.72020-05-12"00/12/11/46/67.zip*@1c269fe61c7abecfee3a339a1636680321346dbe34d8669d7b919b1d6acf89092iaLPSS2_UART2_CNL.inf:Intel CorporationBIntel CorporationHPX`jNEXOCr""z30.10


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              140192.168.11.205523634.117.223.2234432752C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 273
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:08 UTC273OUTData Raw: 0a 8e 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 50 0a 03 3b 09 01 10 a4 bb 99 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 2a 08 fc 44 12 0e 0a 0a 47 61 6d 65 72 53 63 6f 72 65 10 02 12 15 0a 11 47 61 6d 65 72 53 63 6f 72 65 56 65 72 73 69 6f 6e 10 04 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557P;HealthCheckNF1(Z*DGamerScoreGamerScoreVersion`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:09 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:09 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:09 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              141192.168.11.205524234.117.223.2234435804C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:23 UTC188OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 404
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:23 UTC404OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 75 d0 3f 6b 14 41 18 80 71 e7 82 72 ec 09 1e 27 48 10 8b 97 23 c8 9e dc ac 33 bb f3 e7 9d 6e 77 f6 76 3d 0d c1 b0 26 20 56 b9 d9 9d 83 23 8b 07 6a 20 09 16 b6 7e 04 49 2a 4b ed 52 85 34 7e 81 08 96 36 22 08 76 29 f3 01 22 f6 69 1f f8 35 4f f0 75 25 38 21 36 2d b0 10 b9 9c e4 9a 29 2c f9 44 67 b2 e4 02 65 5c 14 85 e5 1a cb 0c ad 34 89 c4 52 e5 c2 e4 52 f3 8c 69 95 31 66 4a 6d 75 21 cc b3 35 c3 1d d6 a8 34 65 ce 71 2a 12 6c a8 d3 92 d3 66 3e af f5 5c 3a 5f b3 e4 33 59 f3 4a 29 ac 85 a1 5a 0a 4d 85 13 8e 62 6d 04 f5 89 f3 b3 c4 39 df cc f1 0b 01 35 41 ab ad 95 f9 24 b1 9a a3 60 9c d9 42 48 2b 79 19 a3 54 e5 e0 88 04 9d 07 a4 7f 7e f6 e9 ef ed f0 f7 ca ab 8f 24 b8 b7 b5 04 eb a1 5c b4 ad 6f c0 1e c0 f3 a8 88 36 a2 c1 35 fd 7e f8
                                                                                                                                                                                                                                                                                              Data Ascii: u?kAqr'H#3nwv=& V#j ~I*KR4~6"v)"i5Ou%8!6-),Dge\4RRi1fJmu!54eq*lf>\:_3YJ)ZMbm95A$`BH+yT~$\o65~
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:23 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:23 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:23 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              142192.168.11.206473834.117.223.2234435172C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:37 UTC188OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 404
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:37 UTC404OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 75 d0 3f 6b 14 41 18 80 71 e7 82 72 ec 09 1e 27 48 10 8b 97 23 c8 9e dc ac 33 bb f3 e7 9d 6e 77 f6 76 3d 0d c1 b0 26 20 56 b9 d9 9d 83 23 8b 07 6a 20 09 16 b6 7e 04 49 2a 4b ed 52 85 34 7e 81 08 96 36 62 65 67 91 22 1f 20 62 9f f6 81 5f f3 04 5f 57 82 13 62 d3 02 0b 91 cb 49 ae 99 c2 92 4f 74 26 4b 2e 50 c6 45 51 58 ae b1 cc d0 4a 93 48 2c 55 2e 4c 2e 35 cf 98 56 19 63 a6 d4 56 17 c2 3c 5b 33 dc 61 8d 4a 53 e6 1c a7 22 c1 86 3a 2d 39 6d e6 f3 5a cf a5 f3 35 4b 3e 93 35 af 94 c2 5a 18 aa a5 d0 54 38 e1 28 d6 46 50 9f 38 3f 4b 9c f3 cd 1c bf 10 50 13 b4 da 5a 99 4f 12 ab 39 0a c6 99 2d 84 b4 92 97 31 4a 55 0e 8e 48 d0 79 40 fa e7 67 9f fe dc 0e 7f af bc fa 48 82 7b 5b 4b b0 1e ca 45 db fa 06 ec 01 3c 8f 8a 68 23 1a 5c d3 ef 87
                                                                                                                                                                                                                                                                                              Data Ascii: u?kAqr'H#3nwv=& V#j ~I*KR4~6beg" b__WbIOt&K.PEQXJH,U.L.5VcV<[3aJS":-9mZ5K>5ZT8(FP8?KPZO9-1JUHy@gH{[KE<h#\
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              143192.168.11.205255834.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:49 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:45:49 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:45:49 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              144192.168.11.205255934.160.176.284435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC726OUTGET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=0&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC1309INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:49 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Content-Length: 1024
                                                                                                                                                                                                                                                                                              AB-Tests: CustomCleanPaywallAB:a,UpgradeButtonAppearanceAB:b
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                                              Config-Id: 33
                                                                                                                                                                                                                                                                                              Config-Name: CCleaner_test-group-health-check-new-flow_cc-ui-launch-in-the-background_distribution---custom-clean-paywall_distribution---driver-updater_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_distribution---opswatsoftwareupdaterhc_feedback---performance-optimizer_distribution---easy-clean-ipm_showoffers3rdparty---usa-opt-out_distribution---upgrade-button-test-4b3dbf56e64bb5644fe0c78a3dcf0e84e88b011787249ffbefc04ba719486177
                                                                                                                                                                                                                                                                                              Config-Version: 265
                                                                                                                                                                                                                                                                                              Segments: test group health check new flow,cc ui launch in the background,distribution - custom clean paywall,distribution - driver updater,hcv2 rollout,distribution - notification centre,distribution - opswatsoftwareupdater,distribution - opswatsoftwareupdaterhc,feedback - performance optimizer,distribution - easy clean ipm,showoffers3rdparty - usa opt-out,distribution - upgrade button test
                                                                                                                                                                                                                                                                                              TTL: 86400
                                                                                                                                                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC1024INData Raw: 5b 45 6e 63 72 79 70 74 5d 0d 0a 41 42 54 65 73 74 69 6e 67 4e 61 6d 65 73 3d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 0d 0a 43 43 50 4f 43 3d 44 49 53 41 42 4c 45 44 0d 0a 44 54 4e 50 3d 31 32 30 30 0d 0a 44 55 4e 50 3d 39 30 30 0d 0a 5b 43 6f 6d 6d 6f 6e 5d 0d 0a 41 6c 70 68 61 49 6e 74 65 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 6c 70 68 61 4d 69 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 55 32 3d 31 0d 0a 43 43 4e 55 3d 30 0d 0a 44 72 69 76 65 72 53 63 61 6e 49 6e 74 65 72 76 61 6c 3d 37 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 3d 31 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 56 65 72 73 69 6f 6e 3d 31 0d 0a 44 75 6d 70 52 65 70 6f 72 74 69 6e 67 3d 31 0d 0a 44 55 53 6b 69 70 4f 6e 62 6f 61 72 64 69 6e 67 3d 30 0d 0a 48 43 53 6b 69 70 41 64 76 61 6e 63 65 64
                                                                                                                                                                                                                                                                                              Data Ascii: [Encrypt]ABTestingNames=HealthCheckNFCCPOC=DISABLEDDTNP=1200DUNP=900[Common]AlphaIntegration=1AlphaMigration=1AU2=1CCNU=0DriverScanInterval=7DriverUpdater=1DriverUpdaterVersion=1DumpReporting=1DUSkipOnboarding=0HCSkipAdvanced


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              145192.168.11.205256134.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:49 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 f0 eb a5 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:50 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:50 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:50 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              146192.168.11.205256734.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 aa d1 b0 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:57 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              147192.168.11.205256834.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=2&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:57 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:45:57 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:45:57 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              148192.168.11.205256934.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 256
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:57 UTC256OUTData Raw: 0a fd 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3f 0a 03 3b 09 01 10 bc d2 b0 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 19 08 d9 44 12 14 0a 0f 53 68 65 70 68 65 72 64 53 75 63 63 65 73 73 10 90 03 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 c9 ca d8 b2
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557?;HealthCheckNF1(ZDShepherdSuccess`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:58 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              149192.168.11.205257034.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 b2 ba b1 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:45:58 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:45:58 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              150192.168.11.205257134.117.223.2234437968C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:03 UTC188OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Encoding: gzip
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              Content-Length: 365
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:03 UTC365OUTData Raw: 1f 8b 08 00 00 00 00 00 00 0a 75 d0 3d 4b c3 40 1c 80 71 af a2 d4 e8 50 2a 88 88 c3 9f e2 90 4a 13 ef 92 7b dd 92 4b 2f 56 44 94 a8 20 4e 36 ed 09 c5 60 c1 17 50 71 10 37 c1 2f e0 cb e4 e8 e8 ea 57 10 74 74 d2 c9 cd b1 1f 40 71 77 7d e0 b7 3c ce e5 b0 73 8d 74 64 a4 a1 09 6b 26 02 73 99 92 a6 88 59 4a a8 64 81 31 46 13 21 d3 58 6a a6 42 26 53 9e 50 95 30 41 62 2c 78 8c b1 4a 85 16 86 aa 07 34 67 39 e7 b2 43 95 27 18 15 1e cd 69 ee c9 8e a2 9e 0d 73 db 0e f3 dc 76 77 e5 23 02 de 94 5a 68 cd 92 66 a8 05 91 14 13 ac 0d 65 9a 91 34 90 8c a7 d5 3b e4 94 66 51 e5 f6 f9 e6 6b c2 fd 1c de be 42 ce d4 46 1f b4 85 b4 57 14 b6 0b fa 14 56 7d e3 af f8 d5 7f fa 8c bb b4 7f 64 0b 37 ab 43 d2 3f b0 ee c6 4a 1d 7a ca 53 0a e3 65 48 d6 36 21 82 d0 e7 78 b1 75 06 6f ef 83
                                                                                                                                                                                                                                                                                              Data Ascii: u=K@qP*J{K/VD N6`Pq7/Wtt@qw}<stdk&sYJd1F!XjB&SP0Ab,xJ4g9C'isvw#Zhfe4;fQkBFWV}d7C?JzSeH6!xuo
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:03 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:03 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:03 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              151192.168.11.205257234.160.176.284435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC726OUTGET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=3&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC1309INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:05 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Content-Length: 1024
                                                                                                                                                                                                                                                                                              AB-Tests: CustomCleanPaywallAB:a,UpgradeButtonAppearanceAB:b
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                                              Config-Id: 33
                                                                                                                                                                                                                                                                                              Config-Name: CCleaner_test-group-health-check-new-flow_cc-ui-launch-in-the-background_distribution---custom-clean-paywall_distribution---driver-updater_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_distribution---opswatsoftwareupdaterhc_feedback---performance-optimizer_distribution---easy-clean-ipm_showoffers3rdparty---usa-opt-out_distribution---upgrade-button-test-4b3dbf56e64bb5644fe0c78a3dcf0e84e88b011787249ffbefc04ba719486177
                                                                                                                                                                                                                                                                                              Config-Version: 265
                                                                                                                                                                                                                                                                                              Segments: test group health check new flow,cc ui launch in the background,distribution - custom clean paywall,distribution - driver updater,hcv2 rollout,distribution - notification centre,distribution - opswatsoftwareupdater,distribution - opswatsoftwareupdaterhc,feedback - performance optimizer,distribution - easy clean ipm,showoffers3rdparty - usa opt-out,distribution - upgrade button test
                                                                                                                                                                                                                                                                                              TTL: 86400
                                                                                                                                                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC1024INData Raw: 5b 45 6e 63 72 79 70 74 5d 0d 0a 41 42 54 65 73 74 69 6e 67 4e 61 6d 65 73 3d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 0d 0a 43 43 50 4f 43 3d 44 49 53 41 42 4c 45 44 0d 0a 44 54 4e 50 3d 31 32 30 30 0d 0a 44 55 4e 50 3d 39 30 30 0d 0a 5b 43 6f 6d 6d 6f 6e 5d 0d 0a 41 6c 70 68 61 49 6e 74 65 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 6c 70 68 61 4d 69 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 55 32 3d 31 0d 0a 43 43 4e 55 3d 30 0d 0a 44 72 69 76 65 72 53 63 61 6e 49 6e 74 65 72 76 61 6c 3d 37 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 3d 31 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 56 65 72 73 69 6f 6e 3d 31 0d 0a 44 75 6d 70 52 65 70 6f 72 74 69 6e 67 3d 31 0d 0a 44 55 53 6b 69 70 4f 6e 62 6f 61 72 64 69 6e 67 3d 30 0d 0a 48 43 53 6b 69 70 41 64 76 61 6e 63 65 64
                                                                                                                                                                                                                                                                                              Data Ascii: [Encrypt]ABTestingNames=HealthCheckNFCCPOC=DISABLEDDTNP=1200DUNP=900[Common]AlphaIntegration=1AlphaMigration=1AU2=1CCNU=0DriverScanInterval=7DriverUpdater=1DriverUpdaterVersion=1DumpReporting=1DUSkipOnboarding=0HCSkipAdvanced


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              152192.168.11.205257334.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 a2 e4 bb e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:05 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              153192.168.11.205257434.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=3&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:05 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:05 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:05 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:05 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              154192.168.11.205257634.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 256
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC256OUTData Raw: 0a fd 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3f 0a 03 3b 09 01 10 ae a7 c7 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 19 08 d9 44 12 14 0a 0f 53 68 65 70 68 65 72 64 53 75 63 63 65 73 73 10 90 03 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 d7 d3 e3 b2
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557?;HealthCheckNF1(ZDShepherdSuccess`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:13 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              155192.168.11.205257734.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=4&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:13 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:13 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:13 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              156192.168.11.205257834.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:13 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 f0 a7 c7 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:14 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              157192.168.11.205257934.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 b8 ee c7 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:14 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:14 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              158192.168.11.205258034.160.176.284435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC726OUTGET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=5&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC1309INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:21 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Content-Length: 1024
                                                                                                                                                                                                                                                                                              AB-Tests: CustomCleanPaywallAB:a,UpgradeButtonAppearanceAB:b
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                                              Config-Id: 33
                                                                                                                                                                                                                                                                                              Config-Name: CCleaner_test-group-health-check-new-flow_cc-ui-launch-in-the-background_distribution---custom-clean-paywall_distribution---driver-updater_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_distribution---opswatsoftwareupdaterhc_feedback---performance-optimizer_distribution---easy-clean-ipm_showoffers3rdparty---usa-opt-out_distribution---upgrade-button-test-4b3dbf56e64bb5644fe0c78a3dcf0e84e88b011787249ffbefc04ba719486177
                                                                                                                                                                                                                                                                                              Config-Version: 265
                                                                                                                                                                                                                                                                                              Segments: test group health check new flow,cc ui launch in the background,distribution - custom clean paywall,distribution - driver updater,hcv2 rollout,distribution - notification centre,distribution - opswatsoftwareupdater,distribution - opswatsoftwareupdaterhc,feedback - performance optimizer,distribution - easy clean ipm,showoffers3rdparty - usa opt-out,distribution - upgrade button test
                                                                                                                                                                                                                                                                                              TTL: 86400
                                                                                                                                                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC1024INData Raw: 5b 45 6e 63 72 79 70 74 5d 0d 0a 41 42 54 65 73 74 69 6e 67 4e 61 6d 65 73 3d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 0d 0a 43 43 50 4f 43 3d 44 49 53 41 42 4c 45 44 0d 0a 44 54 4e 50 3d 31 32 30 30 0d 0a 44 55 4e 50 3d 39 30 30 0d 0a 5b 43 6f 6d 6d 6f 6e 5d 0d 0a 41 6c 70 68 61 49 6e 74 65 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 6c 70 68 61 4d 69 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 55 32 3d 31 0d 0a 43 43 4e 55 3d 30 0d 0a 44 72 69 76 65 72 53 63 61 6e 49 6e 74 65 72 76 61 6c 3d 37 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 3d 31 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 56 65 72 73 69 6f 6e 3d 31 0d 0a 44 75 6d 70 52 65 70 6f 72 74 69 6e 67 3d 31 0d 0a 44 55 53 6b 69 70 4f 6e 62 6f 61 72 64 69 6e 67 3d 30 0d 0a 48 43 53 6b 69 70 41 64 76 61 6e 63 65 64
                                                                                                                                                                                                                                                                                              Data Ascii: [Encrypt]ABTestingNames=HealthCheckNFCCPOC=DISABLEDDTNP=1200DUNP=900[Common]AlphaIntegration=1AlphaMigration=1AU2=1CCNU=0DriverScanInterval=7DriverUpdater=1DriverUpdaterVersion=1DumpReporting=1DUSkipOnboarding=0HCSkipAdvanced


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              159192.168.11.205258134.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 c6 9c d2 e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:21 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              160192.168.11.205258234.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=5&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:21 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:21 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:21 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              161192.168.11.205258340.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:21 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:22 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:21 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:22 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              162192.168.11.205258440.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:24 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:24 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:24 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:24 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:24 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              163192.168.11.205258540.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:27 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:27 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:27 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:27 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:27 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              164192.168.11.205258640.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:28 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:28 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:28 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:28 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:28 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              165192.168.11.205258834.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 256
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC256OUTData Raw: 0a fd 01 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 3f 0a 03 3b 09 01 10 d2 84 de e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 19 08 d9 44 12 14 0a 0f 53 68 65 70 68 65 72 64 53 75 63 63 65 73 73 10 90 03 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04 40 12 52 08 08 01 10 aa 82 ef b2
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557?;HealthCheckNF1(ZDShepherdSuccess`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H@R
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:29 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              166192.168.11.205258934.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=6&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:29 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:29 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:29 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              167192.168.11.205259034.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:29 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 90 85 de e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:30 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              168192.168.11.205259134.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 d6 d3 de e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:30 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              169192.168.11.205259240.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:30 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:31 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:30 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:31 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                                                                                                                                                                                              170192.168.11.205259340.119.46.46443
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:33 UTC437OUTPOST /TrafficShaping/CdnDiagnostics.asmx HTTP/1.1
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Accept-Encoding: xpress
                                                                                                                                                                                                                                                                                              User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.32
                                                                                                                                                                                                                                                                                              SOAPAction: "http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics/SetCdnDiagnosticsInformation"
                                                                                                                                                                                                                                                                                              Content-Length: 684
                                                                                                                                                                                                                                                                                              Host: tsfe.trafficshaping.dsp.mp.microsoft.com
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:33 UTC684OUTData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 61 3a 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 54 72 61 66 66 69 63 53 68 61 70 69 6e 67 2f 46 72 6f 6e 74 45 6e 64 2f 43 6f 6e 74 65 6e 74 52 65 67 75 6c 61 74 69 6f 6e 22 20 78 6d 6c 6e 73 3a 61 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><a:SetCdnDiagnosticsInformation xmlns="http://www.microsoft.com/TrafficShaping/FrontEnd/ContentRegulation" xmlns:a="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:33 UTC210INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Cache-Control: private
                                                                                                                                                                                                                                                                                              Content-Type: text/xml; charset=utf-8
                                                                                                                                                                                                                                                                                              Server: Microsoft-IIS/10.0
                                                                                                                                                                                                                                                                                              X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:33 GMT
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              Content-Length: 209
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:33 UTC209INData Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 49 6e 66 6f 72 6d 61 74 69 6f 6e 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 53 6f 66 74 77 61 72 65 44 69 73 74 72 69 62 75 74 69 6f 6e 2f 53 65 72 76 65 72 2f 43 64 6e 44 69 61 67 6e 6f 73 74 69 63 73 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                                                                                                                                                              Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetCdnDiagnosticsInformationResponse xmlns="http://www.microsoft.com/SoftwareDistribution/Server/CdnDiagnostics"/></s:Body></s:Envelope>


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              171192.168.11.205259634.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 285
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC285OUTData Raw: 0a 9a 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 5c 0a 03 3b 09 01 10 a6 88 ea e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 36 08 9d 43 12 1d 0a 19 49 6e 74 65 72 6e 65 74 47 65 74 43 6f 6e 6e 65 63 74 65 64 53 74 61 74 65 10 02 12 12 0a 0e 43 6f 6e 6e 65 63 74 69 6f 6e 44 65 73 63 10 24 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557\;HealthCheckNF1(Z6CInternetGetConnectedStateConnectionDesc$`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              172192.168.11.205259534.160.176.284435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC726OUTGET /?p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=7&p_tcy=0&p_pct=0&p_jct=0 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: shepherd.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC1309INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              Content-Length: 1024
                                                                                                                                                                                                                                                                                              AB-Tests: CustomCleanPaywallAB:a,UpgradeButtonAppearanceAB:b
                                                                                                                                                                                                                                                                                              Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                              Access-Control-Expose-Headers: Config-Id, Config-Name, Config-Version, Segments, AB-Tests, TTL, TTL-Spread
                                                                                                                                                                                                                                                                                              Config-Id: 33
                                                                                                                                                                                                                                                                                              Config-Name: CCleaner_test-group-health-check-new-flow_cc-ui-launch-in-the-background_distribution---custom-clean-paywall_distribution---driver-updater_hcv2-rollout_distribution---notification-centre_distribution---opswatsoftwareupdater_distribution---opswatsoftwareupdaterhc_feedback---performance-optimizer_distribution---easy-clean-ipm_showoffers3rdparty---usa-opt-out_distribution---upgrade-button-test-4b3dbf56e64bb5644fe0c78a3dcf0e84e88b011787249ffbefc04ba719486177
                                                                                                                                                                                                                                                                                              Config-Version: 265
                                                                                                                                                                                                                                                                                              Segments: test group health check new flow,cc ui launch in the background,distribution - custom clean paywall,distribution - driver updater,hcv2 rollout,distribution - notification centre,distribution - opswatsoftwareupdater,distribution - opswatsoftwareupdaterhc,feedback - performance optimizer,distribution - easy clean ipm,showoffers3rdparty - usa opt-out,distribution - upgrade button test
                                                                                                                                                                                                                                                                                              TTL: 86400
                                                                                                                                                                                                                                                                                              TTL-Spread: 43200
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC1024INData Raw: 5b 45 6e 63 72 79 70 74 5d 0d 0a 41 42 54 65 73 74 69 6e 67 4e 61 6d 65 73 3d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 0d 0a 43 43 50 4f 43 3d 44 49 53 41 42 4c 45 44 0d 0a 44 54 4e 50 3d 31 32 30 30 0d 0a 44 55 4e 50 3d 39 30 30 0d 0a 5b 43 6f 6d 6d 6f 6e 5d 0d 0a 41 6c 70 68 61 49 6e 74 65 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 6c 70 68 61 4d 69 67 72 61 74 69 6f 6e 3d 31 0d 0a 41 55 32 3d 31 0d 0a 43 43 4e 55 3d 30 0d 0a 44 72 69 76 65 72 53 63 61 6e 49 6e 74 65 72 76 61 6c 3d 37 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 3d 31 0d 0a 44 72 69 76 65 72 55 70 64 61 74 65 72 56 65 72 73 69 6f 6e 3d 31 0d 0a 44 75 6d 70 52 65 70 6f 72 74 69 6e 67 3d 31 0d 0a 44 55 53 6b 69 70 4f 6e 62 6f 61 72 64 69 6e 67 3d 30 0d 0a 48 43 53 6b 69 70 41 64 76 61 6e 63 65 64
                                                                                                                                                                                                                                                                                              Data Ascii: [Encrypt]ABTestingNames=HealthCheckNFCCPOC=DISABLEDDTNP=1200DUNP=900[Common]AlphaIntegration=1AlphaMigration=1AU2=1CCNU=0DriverScanInterval=7DriverUpdater=1DriverUpdaterVersion=1DumpReporting=1DUSkipOnboarding=0HCSkipAdvanced


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              173192.168.11.205259734.111.24.14435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC912OUTGET /?action=1&p_elm=229&p_lng=en&p_lid=en-us&p_geo=US&p_ads=1&p_devrsrch=1&p_thrdprt=1&p_thrdtr=1&p_midex=E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49&p_hid=5c75d985-5a4f-4231-b996-70bdb906d557&p_ubs=50&p_trs=0&p_alp=0&p_jar=0&p_cclic=&p_chcc=0&p_bld=mmm_ccl_003_999_a8e_m&p_dols=15&p_sols=4&p_pts=3&p_ftc=3247&p_btc=416211141&p_pro=90&p_vep=6&p_ves=24&p_vbd=11060&p_osv=10.0&p_wsc2v_av=9011&p_gksw=0&p_chr=0&p_sbi=0&p_scbu=0&p_tos=0&p_bau=0&p_dvt=3&p_bsls=0&p_gis=0&p_fds=431419&p_cco=0&p_ccgx=0&p_cce=1&p_cced=0&p_ccnsv=0&p_ccnu=0&p_ccna=0&p_ccnl=0&p_lit=0&p_avt=cc-pro-trial&p_age=7&p_tcy=0&p_pct=0&p_jct=0&p_lex=-1&p_ccgd=0&p_ccod=0&p_ccdb=0&p_pctn=0&p_iau=0&p_qcm=0&p_hcm=1&p_sum=1&p_ost=0&p_scr=1&p_fid=20240526 HTTP/1.1
                                                                                                                                                                                                                                                                                              User-Agent: Mozilla/4.0 (CCleaner, 6.24.11060)
                                                                                                                                                                                                                                                                                              Host: ipm-provider.ff.avast.com
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache
                                                                                                                                                                                                                                                                                              Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC690INHTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                                                                                                                              IPM-Asset-Base-URL: https://ipm-static.avcdn.net/content-assets-prod/,https://ipmcdn.avast.com/images/
                                                                                                                                                                                                                                                                                              Cache-Control: no-cache, no-store, must-revalidate
                                                                                                                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                                                                                                                              Expires: 0
                                                                                                                                                                                                                                                                                              Content-Identifier: UNKNOWN SCREEN
                                                                                                                                                                                                                                                                                              ETag: W/1505
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:38 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Set-Cookie: ClientId=adf784a2-275b-4d05-9c94-53a86bb67fd2; Max-Age=63072000; Expires=Tue, 26 May 2026 12:46:38 GMT; Secure; SameSite=None
                                                                                                                                                                                                                                                                                              Content-Length: 0
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: clear
                                                                                                                                                                                                                                                                                              Connection: close


                                                                                                                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                              174192.168.11.205259834.117.223.2234435116C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC164OUTPOST /receive3 HTTP/1.1
                                                                                                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                                                                                                              Content-Type: application/x-enc-sb
                                                                                                                                                                                                                                                                                              User-Agent: Avast Antivirus
                                                                                                                                                                                                                                                                                              Content-Length: 267
                                                                                                                                                                                                                                                                                              Host: analytics.avcdn.net
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC267OUTData Raw: 0a 88 02 0a 68 42 40 45 38 45 34 43 35 44 43 37 30 36 38 46 31 44 37 41 35 46 31 34 38 35 32 45 45 45 42 31 37 38 46 41 38 42 35 39 33 35 38 46 36 43 34 39 43 35 37 31 41 30 37 36 41 30 30 39 46 37 42 37 45 34 39 4a 24 35 63 37 35 64 39 38 35 2d 35 61 34 66 2d 34 32 33 31 2d 62 39 39 36 2d 37 30 62 64 62 39 30 36 64 35 35 37 12 4a 0a 03 3b 09 01 10 e0 d5 ea e5 0c 1a 12 0a 0d 48 65 61 6c 74 68 43 68 65 63 6b 4e 46 12 01 31 28 df 03 5a 24 08 fe 3e 12 1f 0a 1b 41 75 74 6f 55 70 64 61 74 65 53 65 72 76 69 63 65 4f 6e 46 69 6e 69 73 68 65 64 10 06 60 01 22 44 12 0a 36 2e 32 34 2e 31 31 30 36 30 22 2f 31 30 2e 30 20 28 42 75 69 6c 64 20 31 39 30 34 32 2c 20 52 65 6c 65 61 73 65 20 32 30 30 39 2c 20 55 42 52 20 31 31 36 35 2c 20 78 36 34 29 38 68 40 00 48 f0 04
                                                                                                                                                                                                                                                                                              Data Ascii: hB@E8E4C5DC7068F1D7A5F14852EEEB178FA8B59358F6C49C571A076A009F7B7E49J$5c75d985-5a4f-4231-b996-70bdb906d557J;HealthCheckNF1(Z$>AutoUpdateServiceOnFinished`"D6.24.11060"/10.0 (Build 19042, Release 2009, UBR 1165, x64)8h@H
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC255INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                              Server: nginx
                                                                                                                                                                                                                                                                                              Date: Sun, 26 May 2024 12:46:38 GMT
                                                                                                                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                                                                                                                              Content-Length: 24
                                                                                                                                                                                                                                                                                              X-ASW-Receiver-Ack: processed
                                                                                                                                                                                                                                                                                              Via: 1.1 google
                                                                                                                                                                                                                                                                                              Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                              Connection: close
                                                                                                                                                                                                                                                                                              2024-05-26 12:46:38 UTC24INData Raw: 52 65 63 65 69 76 65 72 2d 41 63 6b 3a 20 70 72 6f 63 65 73 73 65 64 0a
                                                                                                                                                                                                                                                                                              Data Ascii: Receiver-Ack: processed


                                                                                                                                                                                                                                                                                              Statistics

                                                                                                                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                                                                                                                                              Behavior

                                                                                                                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                                                                                                                              Start time:08:43:37
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Users\user\Desktop\ccsetup624.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\ccsetup624.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                                                                                                                              File size:83'689'152 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:0DA9AD07601568F130FCD4CBFDF2206B
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:3
                                                                                                                                                                                                                                                                                              Start time:08:44:07
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74f110000
                                                                                                                                                                                                                                                                                              File size:57'360 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                                                                                                                              Start time:08:44:15
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner64.exe" /createSkipUAC
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                                                                                                                              Start time:08:44:16
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCUpdate.exe" /reg
                                                                                                                                                                                                                                                                                              Imagebase:0x880000
                                                                                                                                                                                                                                                                                              File size:714'256 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:0F0B90A01F049665CA511335F9F0BF2E
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                                                                                                                              Start time:08:44:16
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCUpdate.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x880000
                                                                                                                                                                                                                                                                                              File size:714'256 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:0F0B90A01F049665CA511335F9F0BF2E
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                                                                                                                              Start time:08:44:18
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCUpdate.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:CCUpdate.exe /emupdater /applydll "C:\Program Files\CCleaner\Setup\605d9d3c-b428-4c6f-bed7-a0262acb20a2.dll"
                                                                                                                                                                                                                                                                                              Imagebase:0x880000
                                                                                                                                                                                                                                                                                              File size:714'256 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:0F0B90A01F049665CA511335F9F0BF2E
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                                                                                                                              Start time:08:44:18
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleanerBugReport.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleanerBugReport.exe" --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5c75d985-5a4f-4231-b996-70bdb906d557" --version "6.24.11060" --silent
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff7d2660000
                                                                                                                                                                                                                                                                                              File size:5'074'848 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:30F22B80E4FA1BEA515CE41175E94DE8
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                                                                                                                              Start time:08:44:18
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff715620000
                                                                                                                                                                                                                                                                                              File size:875'008 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                                                                                                                              Start time:08:44:19
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner.exe" 0
                                                                                                                                                                                                                                                                                              Imagebase:0x8e0000
                                                                                                                                                                                                                                                                                              File size:39'169'952 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:AB264CBE086494E6E4F57E1975F032EC
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                                                                                                                              Start time:08:44:20
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner.exe" 0
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000003.7317546900.000001F7D525B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000003.7319185688.000001F7D5CB6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000003.7318267290.000001F7D5B04000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000003.7317890417.000001F7D59E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                                                                                                                              Start time:08:44:30
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k NetworkService -p -s DoSvc
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74f110000
                                                                                                                                                                                                                                                                                              File size:57'360 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                                                                                                                              Start time:08:44:32
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                                                                                                                              Start time:08:44:32
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\wbem\unsecapp.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff60d570000
                                                                                                                                                                                                                                                                                              File size:54'272 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:019961BC381B0AB80D0912E713FF4275
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                                                                                                                              Start time:08:44:32
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.ccleaner.com/go/app_releasenotes?p=1&v=&l=1033&b=1&a=0
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74c7b0000
                                                                                                                                                                                                                                                                                              File size:2'509'656 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                                                                                                                              Start time:08:44:33
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner64.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                                                                                                                              Start time:08:44:33
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,9984978765859357333,6736122754470887956,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:8
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74c7b0000
                                                                                                                                                                                                                                                                                              File size:2'509'656 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:464953824E644F10FFDC9E093FD18F94
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                                                                                                                              Start time:08:44:34
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\wa_3rd_party_host_32.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:--pid=5804
                                                                                                                                                                                                                                                                                              Imagebase:0x350000
                                                                                                                                                                                                                                                                                              File size:2'249'008 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:DFE443F3ABEF2CE3B2FE1D3C309CE50A
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:26
                                                                                                                                                                                                                                                                                              Start time:08:44:34
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff715620000
                                                                                                                                                                                                                                                                                              File size:875'008 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:30
                                                                                                                                                                                                                                                                                              Start time:08:45:00
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe"
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff78ce40000
                                                                                                                                                                                                                                                                                              File size:1'085'856 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:21F845A804361181A6D9C49C8055F4D7
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                                                                                                                              Start time:08:45:05
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:false
                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:32
                                                                                                                                                                                                                                                                                              Start time:08:45:05
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
                                                                                                                                                                                                                                                                                              Imagebase:0x8e0000
                                                                                                                                                                                                                                                                                              File size:39'169'952 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:AB264CBE086494E6E4F57E1975F032EC
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:33
                                                                                                                                                                                                                                                                                              Start time:08:45:06
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Program Files\CCleaner\CCleaner64.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff6effd0000
                                                                                                                                                                                                                                                                                              File size:45'430'176 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:64F2F2700C072BDE21A02E45D0A05C68
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                                                                                                                              Start time:08:45:34
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74f110000
                                                                                                                                                                                                                                                                                              File size:57'360 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              General

                                                                                                                                                                                                                                                                                              Target ID:42
                                                                                                                                                                                                                                                                                              Start time:08:46:37
                                                                                                                                                                                                                                                                                              Start date:26/05/2024
                                                                                                                                                                                                                                                                                              Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                              Commandline:C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s SmsRouter
                                                                                                                                                                                                                                                                                              Imagebase:0x7ff74f110000
                                                                                                                                                                                                                                                                                              File size:57'360 bytes
                                                                                                                                                                                                                                                                                              MD5 hash:F586835082F632DC8D9404D83BC16316
                                                                                                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                                                                                                              Has administrator privileges:false
                                                                                                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                              Has exited:false

                                                                                                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                                                                                                              Reset < >

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:61%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                Signature Coverage:20%
                                                                                                                                                                                                                                                                                                Total number of Nodes:509
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:14
                                                                                                                                                                                                                                                                                                execution_graph 1073 403640 SetErrorMode GetVersionExW 1074 403692 GetVersionExW 1073->1074 1075 4036ca 1073->1075 1074->1075 1076 403723 1075->1076 1077 406a35 5 API calls 1075->1077 1163 4069c5 GetSystemDirectoryW 1076->1163 1077->1076 1079 403739 lstrlenA 1079->1076 1080 403749 1079->1080 1166 406a35 GetModuleHandleA 1080->1166 1083 406a35 5 API calls 1084 403757 1083->1084 1085 406a35 5 API calls 1084->1085 1086 403763 #17 OleInitialize SHGetFileInfoW 1085->1086 1172 406668 lstrcpynW 1086->1172 1089 4037b0 GetCommandLineW 1173 406668 lstrcpynW 1089->1173 1091 4037c2 1174 405f64 1091->1174 1094 4038f7 1095 40390b GetTempPathW 1094->1095 1178 40360f 1095->1178 1097 403923 1099 403927 GetWindowsDirectoryW lstrcatW 1097->1099 1100 40397d DeleteFileW 1097->1100 1098 405f64 CharNextW 1102 4037f9 1098->1102 1103 40360f 12 API calls 1099->1103 1188 4030d0 GetTickCount GetModuleFileNameW 1100->1188 1102->1094 1102->1098 1107 4038f9 1102->1107 1105 403943 1103->1105 1104 403990 1108 403b6c ExitProcess OleUninitialize 1104->1108 1110 403a45 1104->1110 1117 405f64 CharNextW 1104->1117 1105->1100 1106 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 1105->1106 1109 40360f 12 API calls 1106->1109 1282 406668 lstrcpynW 1107->1282 1112 403b91 1108->1112 1113 403b7c 1108->1113 1116 403975 1109->1116 1218 403d17 1110->1218 1114 403b99 GetCurrentProcess OpenProcessToken 1112->1114 1115 403c0f ExitProcess 1112->1115 1329 405cc8 1113->1329 1120 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 1114->1120 1121 403bdf 1114->1121 1116->1100 1116->1108 1132 4039b2 1117->1132 1120->1121 1125 406a35 5 API calls 1121->1125 1122 403a54 1122->1108 1128 403be6 1125->1128 1126 403a1b 1283 40603f 1126->1283 1127 403a5c 1274 405c33 1127->1274 1130 403bfb ExitWindowsEx 1128->1130 1134 403c08 1128->1134 1130->1115 1130->1134 1132->1126 1132->1127 1333 40140b 1134->1333 1137 403a72 lstrcatW 1138 403a7d lstrcatW lstrcmpiW 1137->1138 1138->1122 1139 403a9d 1138->1139 1141 403aa2 1139->1141 1142 403aa9 1139->1142 1277 405b99 CreateDirectoryW 1141->1277 1299 405c16 CreateDirectoryW 1142->1299 1143 403a3a 1298 406668 lstrcpynW 1143->1298 1148 403aae SetCurrentDirectoryW 1149 403ac0 1148->1149 1150 403acb 1148->1150 1302 406668 lstrcpynW 1149->1302 1303 406668 lstrcpynW 1150->1303 1155 403b19 CopyFileW 1159 403ad8 1155->1159 1156 403b63 1158 406428 36 API calls 1156->1158 1158->1122 1159->1156 1160 4066a5 17 API calls 1159->1160 1162 403b4d CloseHandle 1159->1162 1304 4066a5 1159->1304 1321 406428 MoveFileExW 1159->1321 1326 405c4b CreateProcessW 1159->1326 1160->1159 1162->1159 1164 4069e7 wsprintfW LoadLibraryExW 1163->1164 1164->1079 1167 406a51 1166->1167 1168 406a5b GetProcAddress 1166->1168 1169 4069c5 3 API calls 1167->1169 1170 403750 1168->1170 1171 406a57 1169->1171 1170->1083 1171->1168 1171->1170 1172->1089 1173->1091 1175 405f6a 1174->1175 1176 4037e8 CharNextW 1175->1176 1177 405f71 CharNextW 1175->1177 1176->1102 1177->1175 1336 4068ef 1178->1336 1180 40361b 1181 403625 1180->1181 1345 405f37 lstrlenW CharPrevW 1180->1345 1181->1097 1184 405c16 2 API calls 1185 403633 1184->1185 1348 406187 1185->1348 1352 406158 GetFileAttributesW CreateFileW 1188->1352 1190 403113 1217 403120 1190->1217 1353 406668 lstrcpynW 1190->1353 1192 403136 1354 405f83 lstrlenW 1192->1354 1196 403147 GetFileSize 1197 403241 1196->1197 1216 40315e 1196->1216 1359 40302e 1197->1359 1201 403286 GlobalAlloc 1204 40329d 1201->1204 1203 4032de 1205 40302e 32 API calls 1203->1205 1207 406187 2 API calls 1204->1207 1205->1217 1206 403267 1208 4035e2 ReadFile 1206->1208 1209 4032ae CreateFileW 1207->1209 1210 403272 1208->1210 1212 4032e8 1209->1212 1209->1217 1210->1201 1210->1217 1211 40302e 32 API calls 1211->1216 1373 4035f8 SetFilePointer 1212->1373 1214 4032f6 1374 403371 1214->1374 1216->1197 1216->1203 1216->1211 1216->1217 1389 4035e2 1216->1389 1217->1104 1219 406a35 5 API calls 1218->1219 1220 403d2b 1219->1220 1221 403d31 1220->1221 1222 403d43 1220->1222 1456 4065af wsprintfW 1221->1456 1223 406536 3 API calls 1222->1223 1224 403d73 1223->1224 1225 403d92 lstrcatW 1224->1225 1227 406536 3 API calls 1224->1227 1228 403d41 1225->1228 1227->1225 1436 403fed 1228->1436 1231 40603f 18 API calls 1232 403dc4 1231->1232 1233 403e58 1232->1233 1444 406536 1232->1444 1234 40603f 18 API calls 1233->1234 1236 403e5e 1234->1236 1238 403e6e LoadImageW 1236->1238 1241 4066a5 17 API calls 1236->1241 1239 403f14 1238->1239 1240 403e95 RegisterClassW 1238->1240 1243 40140b 2 API calls 1239->1243 1242 403ecb SystemParametersInfoW CreateWindowExW 1240->1242 1273 403f1e 1240->1273 1241->1238 1242->1239 1247 403f1a 1243->1247 1244 403e17 lstrlenW 1245 403e25 lstrcmpiW 1244->1245 1246 403e4b 1244->1246 1245->1246 1250 403e35 GetFileAttributesW 1245->1250 1251 405f37 3 API calls 1246->1251 1253 403fed 18 API calls 1247->1253 1247->1273 1248 405f64 CharNextW 1249 403e14 1248->1249 1249->1244 1252 403e41 1250->1252 1254 403e51 1251->1254 1252->1246 1255 405f83 2 API calls 1252->1255 1256 403f2b 1253->1256 1457 406668 lstrcpynW 1254->1457 1255->1246 1258 403f37 ShowWindow 1256->1258 1259 403fba 1256->1259 1261 4069c5 3 API calls 1258->1261 1449 40579d OleInitialize 1259->1449 1263 403f4f 1261->1263 1262 403fc0 1264 403fc4 1262->1264 1265 403fdc 1262->1265 1266 403f5d GetClassInfoW 1263->1266 1270 4069c5 3 API calls 1263->1270 1272 40140b 2 API calls 1264->1272 1264->1273 1269 40140b 2 API calls 1265->1269 1267 403f71 GetClassInfoW RegisterClassW 1266->1267 1268 403f87 DialogBoxParamW 1266->1268 1267->1268 1271 40140b 2 API calls 1268->1271 1269->1273 1270->1266 1271->1273 1272->1273 1273->1122 1275 406a35 5 API calls 1274->1275 1276 403a61 lstrcatW 1275->1276 1276->1137 1276->1138 1278 405bea GetLastError 1277->1278 1279 403aa7 1277->1279 1278->1279 1280 405bf9 SetFileSecurityW 1278->1280 1279->1148 1280->1279 1281 405c0f GetLastError 1280->1281 1281->1279 1282->1095 1473 406668 lstrcpynW 1283->1473 1285 406050 1474 405fe2 CharNextW CharNextW 1285->1474 1288 403a27 1288->1108 1297 406668 lstrcpynW 1288->1297 1289 4068ef 5 API calls 1295 406066 1289->1295 1290 406097 lstrlenW 1291 4060a2 1290->1291 1290->1295 1292 405f37 3 API calls 1291->1292 1294 4060a7 GetFileAttributesW 1292->1294 1294->1288 1295->1288 1295->1290 1296 405f83 2 API calls 1295->1296 1480 40699e FindFirstFileW 1295->1480 1296->1290 1297->1143 1298->1110 1300 405c26 1299->1300 1301 405c2a GetLastError 1299->1301 1300->1148 1301->1300 1302->1150 1303->1159 1306 4066b2 1304->1306 1305 4068d5 1307 403b0d DeleteFileW 1305->1307 1485 406668 lstrcpynW 1305->1485 1306->1305 1309 4068a3 lstrlenW 1306->1309 1311 406536 3 API calls 1306->1311 1312 4066a5 10 API calls 1306->1312 1313 4067ba GetSystemDirectoryW 1306->1313 1315 4067cd GetWindowsDirectoryW 1306->1315 1316 4066a5 10 API calls 1306->1316 1317 406844 lstrcatW 1306->1317 1318 4068ef 5 API calls 1306->1318 1319 4067fc SHGetSpecialFolderLocation 1306->1319 1483 4065af wsprintfW 1306->1483 1484 406668 lstrcpynW 1306->1484 1307->1155 1307->1159 1309->1306 1311->1306 1312->1309 1313->1306 1315->1306 1316->1306 1317->1306 1318->1306 1319->1306 1320 406814 SHGetPathFromIDListW CoTaskMemFree 1319->1320 1320->1306 1322 40644b 1321->1322 1323 40643c 1321->1323 1322->1159 1486 4062ae 1323->1486 1327 405c8a 1326->1327 1328 405c7e CloseHandle 1326->1328 1327->1159 1328->1327 1330 405cdd 1329->1330 1331 403b89 ExitProcess 1330->1331 1332 405cf1 MessageBoxIndirectW 1330->1332 1332->1331 1334 401389 2 API calls 1333->1334 1335 401420 1334->1335 1335->1115 1343 4068fc 1336->1343 1337 406972 1338 406977 CharPrevW 1337->1338 1340 406998 1337->1340 1338->1337 1339 406965 CharNextW 1339->1337 1339->1343 1340->1180 1341 405f64 CharNextW 1341->1343 1342 406951 CharNextW 1342->1343 1343->1337 1343->1339 1343->1341 1343->1342 1344 406960 CharNextW 1343->1344 1344->1339 1346 405f53 lstrcatW 1345->1346 1347 40362d 1345->1347 1346->1347 1347->1184 1349 406194 GetTickCount GetTempFileNameW 1348->1349 1350 40363e 1349->1350 1351 4061ca 1349->1351 1350->1097 1351->1349 1351->1350 1352->1190 1353->1192 1355 405f91 1354->1355 1356 40313c 1355->1356 1357 405f97 CharPrevW 1355->1357 1358 406668 lstrcpynW 1356->1358 1357->1355 1357->1356 1358->1196 1360 403057 1359->1360 1361 40303f 1359->1361 1364 403067 GetTickCount 1360->1364 1365 40305f 1360->1365 1362 403048 DestroyWindow 1361->1362 1363 40304f 1361->1363 1362->1363 1363->1201 1363->1217 1392 4035f8 SetFilePointer 1363->1392 1364->1363 1367 403075 1364->1367 1393 406a71 1365->1393 1368 4030aa CreateDialogParamW ShowWindow 1367->1368 1369 40307d 1367->1369 1368->1363 1369->1363 1397 403012 1369->1397 1371 40308b wsprintfW 1400 4056ca 1371->1400 1373->1214 1375 403380 SetFilePointer 1374->1375 1376 40339c 1374->1376 1375->1376 1411 403479 GetTickCount 1376->1411 1379 403439 1379->1217 1382 403479 42 API calls 1383 4033d3 1382->1383 1383->1379 1384 40343f ReadFile 1383->1384 1386 4033e2 1383->1386 1384->1379 1386->1379 1387 4061db ReadFile 1386->1387 1426 40620a WriteFile 1386->1426 1387->1386 1390 4061db ReadFile 1389->1390 1391 4035f5 1390->1391 1391->1216 1392->1206 1394 406a8e PeekMessageW 1393->1394 1395 406a84 DispatchMessageW 1394->1395 1396 406a9e 1394->1396 1395->1394 1396->1363 1398 403021 1397->1398 1399 403023 MulDiv 1397->1399 1398->1399 1399->1371 1401 4056e5 1400->1401 1410 405787 1400->1410 1402 405701 lstrlenW 1401->1402 1405 4066a5 17 API calls 1401->1405 1403 40572a 1402->1403 1404 40570f lstrlenW 1402->1404 1407 405730 SetWindowTextW 1403->1407 1408 40573d 1403->1408 1406 405721 lstrcatW 1404->1406 1404->1410 1405->1402 1406->1403 1407->1408 1409 405743 SendMessageW SendMessageW SendMessageW 1408->1409 1408->1410 1409->1410 1410->1363 1412 4035d1 1411->1412 1413 4034a7 1411->1413 1414 40302e 32 API calls 1412->1414 1428 4035f8 SetFilePointer 1413->1428 1421 4033a3 1414->1421 1416 4034b2 SetFilePointer 1420 4034d7 1416->1420 1417 4035e2 ReadFile 1417->1420 1419 40302e 32 API calls 1419->1420 1420->1417 1420->1419 1420->1421 1422 40620a WriteFile 1420->1422 1423 4035b2 SetFilePointer 1420->1423 1429 406bb0 1420->1429 1421->1379 1424 4061db ReadFile 1421->1424 1422->1420 1423->1412 1425 4033bc 1424->1425 1425->1379 1425->1382 1427 406228 1426->1427 1427->1386 1428->1416 1430 406bd5 1429->1430 1431 406bdd 1429->1431 1430->1420 1431->1430 1432 406c64 GlobalFree 1431->1432 1433 406c6d GlobalAlloc 1431->1433 1434 406ce4 GlobalAlloc 1431->1434 1435 406cdb GlobalFree 1431->1435 1432->1433 1433->1430 1433->1431 1434->1430 1434->1431 1435->1434 1437 404001 1436->1437 1458 4065af wsprintfW 1437->1458 1439 404072 1459 4040a6 1439->1459 1441 403da2 1441->1231 1442 404077 1442->1441 1443 4066a5 17 API calls 1442->1443 1443->1442 1462 4064d5 1444->1462 1447 403df6 1447->1233 1447->1244 1447->1248 1448 40656a RegQueryValueExW RegCloseKey 1448->1447 1466 404610 1449->1466 1451 404610 SendMessageW 1452 4057f9 OleUninitialize 1451->1452 1452->1262 1453 4057c0 1455 4057e7 1453->1455 1469 401389 1453->1469 1455->1451 1456->1228 1457->1233 1458->1439 1460 4066a5 17 API calls 1459->1460 1461 4040b4 SetWindowTextW 1460->1461 1461->1442 1463 4064e4 1462->1463 1464 4064ed RegOpenKeyExW 1463->1464 1465 4064e8 1463->1465 1464->1465 1465->1447 1465->1448 1467 404628 1466->1467 1468 404619 SendMessageW 1466->1468 1467->1453 1468->1467 1471 401390 1469->1471 1470 4013fe 1470->1453 1471->1470 1472 4013cb MulDiv SendMessageW 1471->1472 1472->1471 1473->1285 1475 405fff 1474->1475 1479 406011 1474->1479 1477 40600c CharNextW 1475->1477 1475->1479 1476 406035 1476->1288 1476->1289 1477->1476 1478 405f64 CharNextW 1478->1479 1479->1476 1479->1478 1481 4069b4 FindClose 1480->1481 1482 4069bf 1480->1482 1481->1482 1482->1295 1483->1306 1484->1306 1485->1307 1487 406304 GetShortPathNameW 1486->1487 1488 4062de 1486->1488 1489 406423 1487->1489 1490 406319 1487->1490 1513 406158 GetFileAttributesW CreateFileW 1488->1513 1489->1322 1490->1489 1492 406321 wsprintfA 1490->1492 1495 4066a5 17 API calls 1492->1495 1493 4062e8 CloseHandle GetShortPathNameW 1493->1489 1494 4062fc 1493->1494 1494->1487 1494->1489 1496 406349 1495->1496 1514 406158 GetFileAttributesW CreateFileW 1496->1514 1498 406356 1498->1489 1499 406365 GetFileSize GlobalAlloc 1498->1499 1500 406387 1499->1500 1501 40641c CloseHandle 1499->1501 1502 4061db ReadFile 1500->1502 1501->1489 1503 40638f 1502->1503 1503->1501 1515 4060bd lstrlenA 1503->1515 1506 4063a6 lstrcpyA 1509 4063c8 1506->1509 1507 4063ba 1508 4060bd 4 API calls 1507->1508 1508->1509 1510 4063ff SetFilePointer 1509->1510 1511 40620a WriteFile 1510->1511 1512 406415 GlobalFree 1511->1512 1512->1501 1513->1493 1514->1498 1516 4060fe lstrlenA 1515->1516 1517 406106 1516->1517 1518 4060d7 lstrcmpiA 1516->1518 1517->1506 1517->1507 1518->1517 1519 4060f5 CharNextA 1518->1519 1519->1516 1520 402f93 1521 402fa5 SetTimer 1520->1521 1522 402fbe 1520->1522 1521->1522 1523 40300c 1522->1523 1524 403012 MulDiv 1522->1524 1525 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 1524->1525 1525->1523 1527 4040c5 1528 4040dd 1527->1528 1529 40423e 1527->1529 1528->1529 1530 4040e9 1528->1530 1531 40428f 1529->1531 1532 40424f GetDlgItem GetDlgItem 1529->1532 1533 4040f4 SetWindowPos 1530->1533 1534 404107 1530->1534 1536 4042e9 1531->1536 1541 401389 2 API calls 1531->1541 1535 4045c4 18 API calls 1532->1535 1533->1534 1538 404110 ShowWindow 1534->1538 1539 404152 1534->1539 1540 404279 SetClassLongW 1535->1540 1537 404610 SendMessageW 1536->1537 1542 404239 1536->1542 1569 4042fb 1537->1569 1543 404130 GetWindowLongW 1538->1543 1544 4041fc 1538->1544 1545 404171 1539->1545 1546 40415a DestroyWindow 1539->1546 1547 40140b 2 API calls 1540->1547 1548 4042c1 1541->1548 1543->1544 1550 404149 ShowWindow 1543->1550 1607 40462b 1544->1607 1552 404176 SetWindowLongW 1545->1552 1553 404187 1545->1553 1551 40454d 1546->1551 1547->1531 1548->1536 1554 4042c5 SendMessageW 1548->1554 1550->1539 1551->1542 1560 40457e ShowWindow 1551->1560 1552->1542 1553->1544 1557 404193 GetDlgItem 1553->1557 1554->1542 1555 40140b 2 API calls 1555->1569 1556 40454f DestroyWindow KiUserCallbackDispatcher 1556->1551 1558 4041c1 1557->1558 1559 4041a4 SendMessageW IsWindowEnabled 1557->1559 1562 4041ce 1558->1562 1563 404215 SendMessageW 1558->1563 1564 4041e1 1558->1564 1572 4041c6 1558->1572 1559->1542 1559->1558 1560->1542 1561 4066a5 17 API calls 1561->1569 1562->1563 1562->1572 1563->1544 1567 4041e9 1564->1567 1568 4041fe 1564->1568 1566 4045c4 18 API calls 1566->1569 1571 40140b 2 API calls 1567->1571 1570 40140b 2 API calls 1568->1570 1569->1542 1569->1555 1569->1556 1569->1561 1569->1566 1589 40448f DestroyWindow 1569->1589 1601 4045c4 1569->1601 1570->1572 1571->1572 1572->1544 1598 40459d 1572->1598 1574 404376 GetDlgItem 1575 404393 ShowWindow KiUserCallbackDispatcher 1574->1575 1576 40438b 1574->1576 1604 4045e6 KiUserCallbackDispatcher 1575->1604 1576->1575 1578 4043bd EnableWindow 1583 4043d1 1578->1583 1579 4043d6 GetSystemMenu EnableMenuItem SendMessageW 1580 404406 SendMessageW 1579->1580 1579->1583 1580->1583 1582 4040a6 18 API calls 1582->1583 1583->1579 1583->1582 1605 4045f9 SendMessageW 1583->1605 1606 406668 lstrcpynW 1583->1606 1585 404435 lstrlenW 1586 4066a5 17 API calls 1585->1586 1587 40444b SetWindowTextW 1586->1587 1588 401389 2 API calls 1587->1588 1588->1569 1589->1551 1590 4044a9 CreateDialogParamW 1589->1590 1590->1551 1591 4044dc 1590->1591 1592 4045c4 18 API calls 1591->1592 1593 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 1592->1593 1594 401389 2 API calls 1593->1594 1595 40452d 1594->1595 1595->1542 1596 404535 ShowWindow 1595->1596 1597 404610 SendMessageW 1596->1597 1597->1551 1599 4045a4 1598->1599 1600 4045aa SendMessageW 1598->1600 1599->1600 1600->1544 1602 4066a5 17 API calls 1601->1602 1603 4045cf SetDlgItemTextW 1602->1603 1603->1574 1604->1578 1605->1583 1606->1585 1608 404643 GetWindowLongW 1607->1608 1609 4046ee 1607->1609 1608->1609 1610 404658 1608->1610 1609->1542 1610->1609 1611 404685 GetSysColor 1610->1611 1612 404688 1610->1612 1611->1612 1613 404698 SetBkMode 1612->1613 1614 40468e SetTextColor 1612->1614 1615 4046b0 GetSysColor 1613->1615 1616 4046b6 1613->1616 1614->1613 1615->1616 1617 4046c7 1616->1617 1618 4046bd SetBkColor 1616->1618 1617->1609 1619 4046e1 CreateBrushIndirect 1617->1619 1620 4046da DeleteObject 1617->1620 1618->1617 1619->1609 1620->1619 1621 403c25 1622 403c40 1621->1622 1623 403c36 CloseHandle 1621->1623 1624 403c54 1622->1624 1625 403c4a CloseHandle 1622->1625 1623->1622 1630 403c82 1624->1630 1625->1624 1631 403c90 1630->1631 1632 403c59 1631->1632 1633 403c95 FreeLibrary GlobalFree 1631->1633 1634 405d74 1632->1634 1633->1632 1633->1633 1635 40603f 18 API calls 1634->1635 1636 405d94 1635->1636 1637 405db3 1636->1637 1638 405d9c DeleteFileW 1636->1638 1640 405ed3 1637->1640 1670 406668 lstrcpynW 1637->1670 1639 403c65 1638->1639 1640->1639 1645 40699e 2 API calls 1640->1645 1642 405dd9 1643 405dec 1642->1643 1644 405ddf lstrcatW 1642->1644 1647 405f83 2 API calls 1643->1647 1646 405df2 1644->1646 1648 405ef8 1645->1648 1649 405e02 lstrcatW 1646->1649 1650 405e0d lstrlenW FindFirstFileW 1646->1650 1647->1646 1648->1639 1651 405f37 3 API calls 1648->1651 1649->1650 1650->1640 1668 405e2f 1650->1668 1652 405f02 1651->1652 1654 405d2c 5 API calls 1652->1654 1653 405eb6 FindNextFileW 1657 405ecc FindClose 1653->1657 1653->1668 1656 405f0e 1654->1656 1658 405f12 1656->1658 1659 405f28 1656->1659 1657->1640 1658->1639 1662 4056ca 24 API calls 1658->1662 1661 4056ca 24 API calls 1659->1661 1661->1639 1664 405f1f 1662->1664 1663 405d74 60 API calls 1663->1668 1666 406428 36 API calls 1664->1666 1665 4056ca 24 API calls 1665->1653 1666->1639 1667 4056ca 24 API calls 1667->1668 1668->1653 1668->1663 1668->1665 1668->1667 1669 406428 36 API calls 1668->1669 1671 406668 lstrcpynW 1668->1671 1672 405d2c 1668->1672 1669->1668 1670->1642 1671->1668 1680 406133 GetFileAttributesW 1672->1680 1675 405d59 1675->1668 1676 405d47 RemoveDirectoryW 1678 405d55 1676->1678 1677 405d4f DeleteFileW 1677->1678 1678->1675 1679 405d65 SetFileAttributesW 1678->1679 1679->1675 1681 405d38 1680->1681 1682 406145 SetFileAttributesW 1680->1682 1681->1675 1681->1676 1681->1677 1682->1681

                                                                                                                                                                                                                                                                                                Callgraph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                • Opacity -> Relevance
                                                                                                                                                                                                                                                                                                • Disassembly available
                                                                                                                                                                                                                                                                                                callgraph 0 Function_00403640 3 Function_004069C5 0->3 5 Function_00405CC8 0->5 7 Function_00405C4B 0->7 8 Function_004030D0 0->8 15 Function_00405F64 0->15 18 Function_00406668 0->18 33 Function_0040140B 0->33 34 Function_0040360F 0->34 40 Function_00405C16 0->40 41 Function_00403D17 0->41 42 Function_00405B99 0->42 47 Function_004066A5 0->47 50 Function_00406428 0->50 59 Function_00405C33 0->59 61 Function_00406A35 0->61 65 Function_0040603F 0->65 1 Function_004045C4 1->47 2 Function_004040C5 2->1 16 Function_004045E6 2->16 2->18 27 Function_004045F9 2->27 31 Function_00401389 2->31 2->33 35 Function_00404610 2->35 44 Function_0040459D 2->44 2->47 49 Function_004040A6 2->49 51 Function_0040462B 2->51 4 Function_004065C8 6 Function_004056CA 6->47 11 Function_00406158 8->11 13 Function_004035E2 8->13 8->18 23 Function_00403371 8->23 25 Function_004035F8 8->25 29 Function_00405F83 8->29 30 Function_00406187 8->30 36 Function_00406B90 8->36 39 Function_00406113 8->39 46 Function_00406B22 8->46 53 Function_0040302E 8->53 9 Function_00406454 10 Function_004064D5 10->9 12 Function_004061DB 13->12 14 Function_00405FE2 14->15 17 Function_00403C67 19 Function_0040136D 19->4 20 Function_00403FED 20->4 20->47 20->49 56 Function_004065AF 20->56 21 Function_004068EF 21->15 21->39 54 Function_00405FAE 21->54 22 Function_00406A71 23->12 26 Function_00403479 23->26 32 Function_0040620A 23->32 24 Function_00405D74 24->6 24->18 24->24 24->29 45 Function_0040699E 24->45 24->50 52 Function_00405D2C 24->52 63 Function_00405F37 24->63 24->65 26->13 26->25 26->32 26->53 57 Function_00406BB0 26->57 28 Function_00403C82 28->17 31->19 60 Function_00401434 31->60 33->31 34->21 34->30 34->40 34->54 34->63 37 Function_00403012 38 Function_00402F93 38->37 41->3 41->15 41->17 41->18 41->20 41->29 41->33 43 Function_0040579D 41->43 41->47 41->56 41->61 62 Function_00406536 41->62 41->63 41->65 43->31 43->35 47->18 47->21 47->47 47->56 47->62 48 Function_00403C25 48->24 48->28 49->47 55 Function_004062AE 50->55 58 Function_00406133 52->58 53->6 53->22 53->37 55->11 55->12 55->32 55->39 55->47 64 Function_004060BD 55->64 59->61 61->3 62->10 65->14 65->18 65->21 65->29 65->45 65->63

                                                                                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                                                                                Function 00403640 Relevance: 81.0, APIs: 34, Strings: 12, Instructions: 450stringfilecomCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2 call 405b99 110->112 113 403aa9 call 405c16 110->113 118 403aa7 112->118 119 403aae-403abe SetCurrentDirectoryW 113->119 118->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetErrorMode.KERNEL32(00008001), ref: 00403663
                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                                                                                                                                                                                                                                                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 0040377D
                                                                                                                                                                                                                                                                                                • SHGetFileInfoW.SHELL32(00436708,00000000,?,000002B4,00000000), ref: 0040379B
                                                                                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(00468260,NSIS Error), ref: 004037B0
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000,004C1000,00000020,004C1000,00000000), ref: 004037E9
                                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00002000,004D5000,00000000,?), ref: 0040391C
                                                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(004D5000,00001FFB), ref: 0040392D
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D5000,\Temp), ref: 00403939
                                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00001FFC,004D5000,004D5000,\Temp), ref: 0040394D
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D5000,Low), ref: 00403955
                                                                                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TEMP,004D5000,004D5000,Low), ref: 00403966
                                                                                                                                                                                                                                                                                                • SetEnvironmentVariableW.KERNEL32(TMP,004D5000), ref: 0040396E
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(004D1000), ref: 00403982
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D5000,~nsu), ref: 00403A69
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D5000,0040A328), ref: 00403A78
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405C16: CreateDirectoryW.KERNEL32(?,00000000,00403633,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 00405C1C
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D5000,.tmp), ref: 00403A83
                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(004D5000,004CD000,004D5000,.tmp,004D5000,~nsu,004C1000,00000000,?), ref: 00403A8F
                                                                                                                                                                                                                                                                                                • SetCurrentDirectoryW.KERNEL32(004D5000,004D5000), ref: 00403AAF
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00432708,00432708,?,C:\Program Files\CCleaner,?), ref: 00403B0E
                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(004DD000,00432708,00000001), ref: 00403B21
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,00432708,00432708,?,00432708,00000000), ref: 00403B4E
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(?), ref: 00403B71
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403B8B
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                                                                                                                                                                                                                                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 00403C1F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                                                                                                                                • String ID: .tmp$C:\Program Files\CCleaner$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                                                                                                                                • API String ID: 2292928366-2667110987
                                                                                                                                                                                                                                                                                                • Opcode ID: e1b1fada1b6cd5fd64246792a7b0bacf61908a72c9b00e5f69f89a687bb9d489
                                                                                                                                                                                                                                                                                                • Instruction ID: b7e5fe29903c30db736afe9723593e932e9124e443bf0bb46b5a7c6934f2d125
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1b1fada1b6cd5fd64246792a7b0bacf61908a72c9b00e5f69f89a687bb9d489
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4CE10771A00214AADB10AFB58D45B6F3EB8AB4570AF10847FF545F22D1DB7C8A81CB6D
                                                                                                                                                                                                                                                                                                Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 453 405d74-405d9a call 40603f 456 405db3-405dba 453->456 457 405d9c-405dae DeleteFileW 453->457 459 405dbc-405dbe 456->459 460 405dcd-405ddd call 406668 456->460 458 405f30-405f34 457->458 461 405dc4-405dc7 459->461 462 405ede-405ee3 459->462 466 405dec-405ded call 405f83 460->466 467 405ddf-405dea lstrcatW 460->467 461->460 461->462 462->458 465 405ee5-405ee8 462->465 468 405ef2-405efa call 40699e 465->468 469 405eea-405ef0 465->469 471 405df2-405df6 466->471 467->471 468->458 477 405efc-405f10 call 405f37 call 405d2c 468->477 469->458 474 405e02-405e08 lstrcatW 471->474 475 405df8-405e00 471->475 476 405e0d-405e29 lstrlenW FindFirstFileW 474->476 475->474 475->476 478 405ed3-405ed7 476->478 479 405e2f-405e37 476->479 493 405f12-405f15 477->493 494 405f28-405f2b call 4056ca 477->494 478->462 484 405ed9 478->484 481 405e57-405e6b call 406668 479->481 482 405e39-405e41 479->482 495 405e82-405e8d call 405d2c 481->495 496 405e6d-405e75 481->496 485 405e43-405e4b 482->485 486 405eb6-405ec6 FindNextFileW 482->486 484->462 485->481 489 405e4d-405e55 485->489 486->479 492 405ecc-405ecd FindClose 486->492 489->481 489->486 492->478 493->469 497 405f17-405f26 call 4056ca call 406428 493->497 494->458 506 405eae-405eb1 call 4056ca 495->506 507 405e8f-405e92 495->507 496->486 498 405e77-405e7b call 405d74 496->498 497->458 505 405e80 498->505 505->486 506->486 508 405e94-405ea4 call 4056ca call 406428 507->508 509 405ea6-405eac 507->509 508->486 509->486
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,75263420,75262EE0,00000000), ref: 00405D9D
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\*.*,\*.*), ref: 00405DE5
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\*.*,?,?,75263420,75262EE0,00000000), ref: 00405E0E
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\*.*,?,?,75263420,75262EE0,00000000), ref: 00405E1E
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNELBASE(00000000,?,000000F2,?,?,?,?,?), ref: 00405EBE
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 00405ECD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                                                                                                                                • String ID: .$.$C:\Users\user\AppData\Local\Temp\nss93A4.tmp\ui\res\*.*$\*.*
                                                                                                                                                                                                                                                                                                • API String ID: 2035342205-2589794049
                                                                                                                                                                                                                                                                                                • Opcode ID: 245d5c01ebab05e38b7877f53425be69800f6a81c60e311ba8f17da888e1d14e
                                                                                                                                                                                                                                                                                                • Instruction ID: 98b2dc6bd422d61c56a8e42b80d5dd3d62c6de78452aeca085abdd1ceada4103
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 245d5c01ebab05e38b7877f53425be69800f6a81c60e311ba8f17da888e1d14e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E41D230801A15AADB21AB61CC4DABF7678EF41719F10417FF885711D1DB7C4A82DEAE
                                                                                                                                                                                                                                                                                                Function 0040699E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,0045E798,C:\,00406088,C:\,C:\,00000000,C:\,C:\,?,?,75262EE0,00405D94,?,75263420,75262EE0), ref: 004069A9
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 004069B5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 2295610775-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: c32f58e4d31b2ef6d3786c7b8b69fce70f81a3369091677325aea235ed7fe711
                                                                                                                                                                                                                                                                                                • Instruction ID: 0939914d34cf82b3cca468ead3a61b39ea3ddbd3f2cdf74c5f5b480a9345878f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c32f58e4d31b2ef6d3786c7b8b69fce70f81a3369091677325aea235ed7fe711
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FD012B15182205FD34057386E0C84B7E989F163317258A36B8AAF11E0CB348C3697AC
                                                                                                                                                                                                                                                                                                Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-404297 GetDlgItem * 2 call 4045c4 SetClassLongW call 40140b 143->146 147 4040f4-404101 SetWindowPos 144->147 148 404107-40410e 144->148 150 4042f1-4042f6 call 404610 145->150 151 4042b3-4042b6 145->151 146->145 147->148 153 404110-40412a ShowWindow 148->153 154 404152-404158 148->154 160 4042fb-404316 150->160 156 4042b8-4042c3 call 401389 151->156 157 4042e9-4042eb 151->157 161 404130-404143 GetWindowLongW 153->161 162 40422b-404239 call 40462b 153->162 163 404171-404174 154->163 164 40415a-40416c DestroyWindow 154->164 156->157 176 4042c5-4042e4 SendMessageW 156->176 157->150 159 404591 157->159 171 404593-40459a 159->171 168 404318-40431a call 40140b 160->168 169 40431f-404325 160->169 161->162 170 404149-40414c ShowWindow 161->170 162->171 174 404176-404182 SetWindowLongW 163->174 175 404187-40418d 163->175 172 40456e-404574 164->172 168->169 180 40432b-404336 169->180 181 40454f-404568 DestroyWindow KiUserCallbackDispatcher 169->181 170->154 172->159 179 404576-40457c 172->179 174->171 175->162 182 404193-4041a2 GetDlgItem 175->182 176->171 179->159 185 40457e-404587 ShowWindow 179->185 180->181 186 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 180->186 181->172 183 4041c1-4041c4 182->183 184 4041a4-4041bb SendMessageW IsWindowEnabled 182->184 187 4041c6-4041c7 183->187 188 4041c9-4041cc 183->188 184->159 184->183 185->159 213 404393-4043cf ShowWindow KiUserCallbackDispatcher call 4045e6 EnableWindow 186->213 214 40438b-404390 186->214 190 4041f7 call 40459d 187->190 191 4041da-4041df 188->191 192 4041ce-4041d4 188->192 201 4041fc 190->201 194 404215-404225 SendMessageW 191->194 196 4041e1-4041e7 191->196 192->194 195 4041d6-4041d8 192->195 194->162 195->190 199 4041e9-4041ef call 40140b 196->199 200 4041fe-404207 call 40140b 196->200 211 4041f5 199->211 200->162 209 404209-404213 200->209 201->162 209->211 211->190 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->160 233 404464-404466 222->233 233->160 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->159 237 40447e-404484 235->237 236->172 238 4044a9-4044d6 CreateDialogParamW 236->238 237->160 239 40448a 237->239 238->172 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->159 240->159 245 404535-404548 ShowWindow call 404610 240->245 247 40454d 245->247 247->172
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?), ref: 00404121
                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32 ref: 00404160
                                                                                                                                                                                                                                                                                                • SetWindowLongW.USER32(?,00000000,00000000), ref: 00404179
                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,?), ref: 00404198
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                                                                                                                                                                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000001), ref: 0040425E
                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000002), ref: 00404268
                                                                                                                                                                                                                                                                                                • SetClassLongW.USER32(?,000000F2,?), ref: 00404282
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                                                                                                                                                                                                                                                                • GetDlgItem.USER32(?,00000003), ref: 00404379
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 004043AC
                                                                                                                                                                                                                                                                                                • EnableWindow.USER32(?,?), ref: 004043C7
                                                                                                                                                                                                                                                                                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                                                                                                                                                                                                                                                                • EnableMenuItem.USER32(00000000), ref: 004043E4
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(00446748,?,00446748,00000000), ref: 00404439
                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,00446748), ref: 0040444D
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                                                                                                                                • String ID: HgD
                                                                                                                                                                                                                                                                                                • API String ID: 121052019-3670375811
                                                                                                                                                                                                                                                                                                • Opcode ID: f0ca54b1b709ab7b6e06556346698c125ee57b0af9b2711805f2ee2a04c0cfa3
                                                                                                                                                                                                                                                                                                • Instruction ID: e6ebe5c6d144bb258484d91c8d6910a5e475318fdd1ac2ca1aecf085551c263c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f0ca54b1b709ab7b6e06556346698c125ee57b0af9b2711805f2ee2a04c0cfa3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15C1E5B1540604BBDB206F61ED89E2A3BA8FB85349F00057EF781B51F1CB795881DB1E
                                                                                                                                                                                                                                                                                                Function 00403D17 Relevance: 40.5, APIs: 13, Strings: 10, Instructions: 215stringregistryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 260 403d9d-403dc6 call 403fed call 40603f 251->260 256 403d92-403d98 lstrcatW 252->256 257 403d7c-403d8d call 406536 252->257 256->260 257->256 266 403e58-403e60 call 40603f 260->266 267 403dcc-403dd1 260->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 268 403dd7-403df1 call 406536 267->268 272 403df6-403dff 268->272 272->266 277 403e01-403e05 272->277 273->274 275 403f14-403f1c call 40140b 274->275 276 403e95-403ec5 RegisterClassW 274->276 291 403f26-403f31 call 403fed 275->291 292 403f1e-403f21 275->292 279 403fe3 276->279 280 403ecb-403f0f SystemParametersInfoW CreateWindowExW 276->280 282 403e17-403e23 lstrlenW 277->282 283 403e07-403e14 call 405f64 277->283 284 403fe5-403fec 279->284 280->275 285 403e25-403e33 lstrcmpiW 282->285 286 403e4b-403e53 call 405f37 call 406668 282->286 283->282 285->286 290 403e35-403e3f GetFileAttributesW 285->290 286->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fbb call 40579d 291->302 292->284 294->286 294->295 295->286 309 403f53-403f58 call 4069c5 301->309 310 403f5d-403f6f GetClassInfoW 301->310 305 403fc0-403fc2 302->305 307 403fc4-403fca 305->307 308 403fdc-403fde call 40140b 305->308 307->292 313 403fd0-403fd7 call 40140b 307->313 308->279 309->310 311 403f71-403f81 GetClassInfoW RegisterClassW 310->311 312 403f87-403faa DialogBoxParamW call 40140b 310->312 311->312 318 403faf-403fb8 call 403c67 312->318 313->292 318->284
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(004D1000,00446748), ref: 00403D98
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004C5000,004D1000,00446748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446748,00000000,00000002,75263420), ref: 00403E18
                                                                                                                                                                                                                                                                                                • lstrcmpiW.KERNEL32(?,.exe,Delete on reboot: ,?,?,?,Delete on reboot: ,00000000,004C5000,004D1000,00446748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00446748,00000000), ref: 00403E2B
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(Delete on reboot: ,?,00000000), ref: 00403E36
                                                                                                                                                                                                                                                                                                • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,004C5000), ref: 00403E7F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00468200), ref: 00403EBC
                                                                                                                                                                                                                                                                                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                                                                                                                                                                                                                                                                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403F09
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000005,00000000), ref: 00403F3F
                                                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit20W,00468200), ref: 00403F6B
                                                                                                                                                                                                                                                                                                • GetClassInfoW.USER32(00000000,RichEdit,00468200), ref: 00403F78
                                                                                                                                                                                                                                                                                                • RegisterClassW.USER32(00468200), ref: 00403F81
                                                                                                                                                                                                                                                                                                • DialogBoxParamW.USER32(?,00000000,004040C5,00000000), ref: 00403FA0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                                                                                                                                • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$Delete on reboot: $HgD$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                                                                                                                                • API String ID: 1975747703-2088465144
                                                                                                                                                                                                                                                                                                • Opcode ID: 73ed780f09f416afeb0c1ac763c95b156211143df06b7d62698f80c1ade7db41
                                                                                                                                                                                                                                                                                                • Instruction ID: 9dea7b71855a091a9fc58e9776c06297b5e3adb2bb06172a3bfe2df5a3e7a6f1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73ed780f09f416afeb0c1ac763c95b156211143df06b7d62698f80c1ade7db41
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8961E570140301BAD720AF66AD49F2B3AACEB85B49F00457FF945B21E2DB7D8D418A2D
                                                                                                                                                                                                                                                                                                Function 004030D0 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 204memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 370 4032d4-4032d9 344->370 371 4032e8-403318 call 4035f8 call 403371 344->371 345->341 373 40327a-403280 345->373 354 403210-403214 348->354 355 403196-4031aa call 406113 348->355 349->341 359 403216-40321d call 40302e 354->359 360 40321e-403224 354->360 355->360 369 4031ac-4031b3 355->369 359->360 366 403233-40323b 360->366 367 403226-403230 call 406b22 360->367 366->337 372 403241 366->372 367->366 369->360 376 4031b5-4031bc 369->376 370->327 383 40331d-403320 371->383 372->334 373->341 373->344 376->360 378 4031be-4031c5 376->378 378->360 380 4031c7-4031ce 378->380 380->360 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->360 391 40320c-40320e 386->391 387->372 387->386 390 403348-40334e 388->390 389->388 390->390 392 403350-403368 call 406113 390->392 391->360 392->327
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004030E4
                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,004DD000,00002000), ref: 00403100
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(?,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,004E1000,00000000,004CD000,004CD000,004DD000,004DD000,80000000,00000003), ref: 00403149
                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,?), ref: 0040328B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • hA, xrefs: 00403291
                                                                                                                                                                                                                                                                                                • Null, xrefs: 004031C7
                                                                                                                                                                                                                                                                                                • soft, xrefs: 004031BE
                                                                                                                                                                                                                                                                                                • Inst, xrefs: 004031B5
                                                                                                                                                                                                                                                                                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 004032D4
                                                                                                                                                                                                                                                                                                • Error launching installer, xrefs: 00403120
                                                                                                                                                                                                                                                                                                • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00403322
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                                                                                                                                • String ID: Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$hA$soft
                                                                                                                                                                                                                                                                                                • API String ID: 2803837635-3376623841
                                                                                                                                                                                                                                                                                                • Opcode ID: f59823c2a128386961df4e262b154234ded0fc9cd9d02a9ac59c48cecd3c7a25
                                                                                                                                                                                                                                                                                                • Instruction ID: 1bcc98e1504a37ecc5eb7fbfcd7f57d5c625885083fa168b6d57319d9c73866f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f59823c2a128386961df4e262b154234ded0fc9cd9d02a9ac59c48cecd3c7a25
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9971B171941204ABDB20DFA5DD85B9E3AACAB04316F20857FF905B72D2DB789E408B5C
                                                                                                                                                                                                                                                                                                Function 004066A5 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 196stringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 395 4066a5-4066b0 396 4066b2-4066c1 395->396 397 4066c3-4066d9 395->397 396->397 398 4066f1-4066fa 397->398 399 4066db-4066e8 397->399 401 406700 398->401 402 4068d5-4068e0 398->402 399->398 400 4066ea-4066ed 399->400 400->398 403 406705-406712 401->403 404 4068e2-4068e6 call 406668 402->404 405 4068eb-4068ec 402->405 403->402 406 406718-406721 403->406 404->405 408 4068b3 406->408 409 406727-406764 406->409 412 4068c1-4068c4 408->412 413 4068b5-4068bf 408->413 410 406857-40685c 409->410 411 40676a-406771 409->411 417 40685e-406864 410->417 418 40688f-406894 410->418 414 406773-406775 411->414 415 406776-406778 411->415 416 4068c6-4068cf 412->416 413->416 414->415 419 4067b5-4067b8 415->419 420 40677a-406798 call 406536 415->420 416->402 423 406702 416->423 424 406874-406880 call 406668 417->424 425 406866-406872 call 4065af 417->425 421 4068a3-4068b1 lstrlenW 418->421 422 406896-40689e call 4066a5 418->422 429 4067c8-4067cb 419->429 430 4067ba-4067c6 GetSystemDirectoryW 419->430 434 40679d-4067a1 420->434 421->416 422->421 423->403 433 406885-40688b 424->433 425->433 436 406834-406836 429->436 437 4067cd-4067db GetWindowsDirectoryW 429->437 435 406838-40683c 430->435 433->421 438 40688d 433->438 440 4067a7-4067b0 call 4066a5 434->440 441 40683e-406842 434->441 435->441 442 40684f-406855 call 4068ef 435->442 436->435 439 4067dd-4067e5 436->439 437->436 438->442 446 4067e7-4067f0 439->446 447 4067fc-406812 SHGetSpecialFolderLocation 439->447 440->435 441->442 444 406844-40684a lstrcatW 441->444 442->421 444->442 452 4067f8-4067fa 446->452 448 406830 447->448 449 406814-40682e SHGetPathFromIDListW CoTaskMemFree 447->449 448->436 449->435 449->448 452->435 452->447
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(Delete on reboot: ,00002000), ref: 004067C0
                                                                                                                                                                                                                                                                                                • GetWindowsDirectoryW.KERNEL32(Delete on reboot: ,00002000,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 004067D3
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 004068A4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                                                                                                                                • String ID: C:\Program Files\CCleaner$Delete on reboot: $Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                                                                                                                                • API String ID: 4260037668-2771910104
                                                                                                                                                                                                                                                                                                • Opcode ID: 0f5a8af760075a28b239619660895707e83ab57078bead619950fa75d628ea59
                                                                                                                                                                                                                                                                                                • Instruction ID: 8e3ecdcd1f33a8191bdbbf481d2aa87b9147467fb839849d6121fd5a880d6789
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f5a8af760075a28b239619660895707e83ab57078bead619950fa75d628ea59
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A161E272902215EADB10AF64DC54BAA37A5EF10314F22C13FE907B62D0EB7D49A1CB4D
                                                                                                                                                                                                                                                                                                Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 517 4056ca-4056df 518 4056e5-4056f6 517->518 519 405796-40579a 517->519 520 405701-40570d lstrlenW 518->520 521 4056f8-4056fc call 4066a5 518->521 522 40572a-40572e 520->522 523 40570f-40571f lstrlenW 520->523 521->520 526 405730-405737 SetWindowTextW 522->526 527 40573d-405741 522->527 523->519 525 405721-405725 lstrcatW 523->525 525->522 526->527 528 405743-405785 SendMessageW * 3 527->528 529 405787-405789 527->529 528->529 529->519 530 40578b-40578e 529->530 530->519
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,00000000,00000000,00000000), ref: 00405702
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,00000000,00000000,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                • lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 00405725
                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405777
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004066A5: lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004066A5: lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 004068A4
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                                                                                                                                • String ID: Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\
                                                                                                                                                                                                                                                                                                • API String ID: 1495540970-5069195
                                                                                                                                                                                                                                                                                                • Opcode ID: 779e989e11e7f56ecd15eb762b90414c7a0500fd8ad26af2e56af92178675a1e
                                                                                                                                                                                                                                                                                                • Instruction ID: c237e01f64be4bcbd85ac878387eaebe6c7da7ae9e1135af4804bf1e214aac79
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 779e989e11e7f56ecd15eb762b90414c7a0500fd8ad26af2e56af92178675a1e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D4217A71900518BADB119FA6DD84A8EBFB8EB45360F10817AE904B62A0D77A4A509F68
                                                                                                                                                                                                                                                                                                Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 531 40302e-40303d 532 403057-40305d 531->532 533 40303f-403046 531->533 536 403067-403073 GetTickCount 532->536 537 40305f-403060 call 406a71 532->537 534 403048-403049 DestroyWindow 533->534 535 40304f-403055 533->535 534->535 538 4030cd-4030cf 535->538 536->538 540 403075-40307b 536->540 541 403065 537->541 542 4030aa-4030c7 CreateDialogParamW ShowWindow 540->542 543 40307d-403084 540->543 541->538 542->538 543->538 544 403086-4030a8 call 403012 wsprintfW call 4056ca 543->544 544->538
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DestroyWindow.USER32(00000000,00000000), ref: 00403049
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 00403067
                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00403095
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,00000000,00000000,00000000), ref: 00405702
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: lstrlenW.KERNEL32(?,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,00000000,00000000,00000000), ref: 00405712
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: lstrcatW.KERNEL32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 00405725
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: SetWindowTextW.USER32(Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\), ref: 00405737
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,?), ref: 00405777
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                                                                                                                                                                                                                                                                • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 004030B9
                                                                                                                                                                                                                                                                                                • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00403012: MulDiv.KERNEL32(00000000,00000064,00000D8C), ref: 00403027
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                                                                                                                                                                                                                                                                • String ID: ... %d%%
                                                                                                                                                                                                                                                                                                • API String ID: 722711167-2449383134
                                                                                                                                                                                                                                                                                                • Opcode ID: b96e6991d0c7969a54bdb9f87a9b73a390a5cde649e58c265d877852c56d0d91
                                                                                                                                                                                                                                                                                                • Instruction ID: d0b0674b86f3708cac1fb91578ec3f8672b393e5989b1c53146f6732e99da21d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b96e6991d0c7969a54bdb9f87a9b73a390a5cde649e58c265d877852c56d0d91
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6501A170413614EBC721BF60AE09E6A3F6CAB00B06F10417BF445B11E9DA784A44DB9E
                                                                                                                                                                                                                                                                                                Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 558 4069c5-4069e5 GetSystemDirectoryW 559 4069e7 558->559 560 4069e9-4069eb 558->560 559->560 561 4069fc-4069fe 560->561 562 4069ed-4069f6 560->562 564 4069ff-406a32 wsprintfW LoadLibraryExW 561->564 562->561 563 4069f8-4069fa 562->563 563->564
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                                                                                                                                • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                                                                                                                                • API String ID: 2200240437-1946221925
                                                                                                                                                                                                                                                                                                • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                                                                                                • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                                                                                                                                                                                                                                                                Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 549 402f93-402fa3 550 402fa5-402fb7 SetTimer 549->550 551 402fbe-402fc5 549->551 550->551 552 402fc7-402fd8 call 403012 551->552 553 40300c-40300f 551->553 556 402fda 552->556 557 402fdf-403007 wsprintfW SetWindowTextW SetDlgItemTextW 552->557 556->557 557->553
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                                                                                                                                • wsprintfW.USER32 ref: 00402FE5
                                                                                                                                                                                                                                                                                                • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 00403007
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                                                                                                                                • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                                                                                                                                                                                                                                                                • API String ID: 1451636040-1158693248
                                                                                                                                                                                                                                                                                                • Opcode ID: 122dbfa73d189dec6b584737e36c9d6329801f9922e0a46e077e2d4fb5e8edf8
                                                                                                                                                                                                                                                                                                • Instruction ID: c9ba9f1a6d93a88d7e45fda5c825515dfdbc732e58bea81489804385b4326db2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 122dbfa73d189dec6b584737e36c9d6329801f9922e0a46e077e2d4fb5e8edf8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52F0497050020DABEF246F60DD49BEA3B69FB00309F00803AF605B51D0DFBD99559F59
                                                                                                                                                                                                                                                                                                Function 00403479 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 565 403479-4034a1 GetTickCount 566 4035d1-4035d3 call 40302e 565->566 567 4034a7-4034d2 call 4035f8 SetFilePointer 565->567 570 4035d8-4035d9 566->570 573 4034d7-4034e9 567->573 572 4035db-4035df 570->572 574 4034eb 573->574 575 4034ed-4034fb call 4035e2 573->575 574->575 578 403501-40350d 575->578 579 4035c3-4035c6 575->579 580 403513-403519 578->580 579->572 581 403544-403560 call 406bb0 580->581 582 40351b-403521 580->582 587 403562-40356a 581->587 588 4035cc 581->588 582->581 584 403523-40353e call 40302e 582->584 589 403543 584->589 591 40356c-403574 call 40620a 587->591 592 40358d-403593 587->592 590 4035ce-4035cf 588->590 589->581 590->572 595 403579-40357b 591->595 592->588 594 403595-403597 592->594 594->588 596 403599-4035ac 594->596 597 4035c8-4035ca 595->597 598 40357d-403589 595->598 596->573 599 4035b2-4035c1 SetFilePointer 596->599 597->590 598->580 600 40358b 598->600 599->566 600->596
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0040348D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004035F8: SetFilePointer.KERNEL32(?,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(0C21DAE8,00000000,00000000,004266F0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FilePointer$CountTick
                                                                                                                                                                                                                                                                                                • String ID: hA
                                                                                                                                                                                                                                                                                                • API String ID: 1092082344-2144240161
                                                                                                                                                                                                                                                                                                • Opcode ID: 750a878c2002948a62ecb778d5e10ba58c3a61611a61bdd070a2bf0f36eb9dc3
                                                                                                                                                                                                                                                                                                • Instruction ID: fbc15916fd798e890252dfa94d77e606639a9ce4decfb061337eb3c4842bfdd2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 750a878c2002948a62ecb778d5e10ba58c3a61611a61bdd070a2bf0f36eb9dc3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 41318F76510205EFDB249F6AEE448663BACF75431AB91853FE900B22F0C7749D41DB1D
                                                                                                                                                                                                                                                                                                Function 00405B99 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 601 405b99-405be4 CreateDirectoryW 602 405be6-405be8 601->602 603 405bea-405bf7 GetLastError 601->603 604 405c11-405c13 602->604 603->604 605 405bf9-405c0d SetFileSecurityW 603->605 605->602 606 405c0f GetLastError 605->606 606->604
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,?,004D5000), ref: 00405BDC
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405BF0
                                                                                                                                                                                                                                                                                                • SetFileSecurityW.ADVAPI32(?,80000007,?), ref: 00405C05
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405C0F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3449924974-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                                                                                                • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                                                                                                                                                                                                                                                                Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 607 40603f-40605a call 406668 call 405fe2 612 406060-40606d call 4068ef 607->612 613 40605c-40605e 607->613 617 40607d-406081 612->617 618 40606f-406075 612->618 614 4060b8-4060ba 613->614 620 406097-4060a0 lstrlenW 617->620 618->613 619 406077-40607b 618->619 619->613 619->617 621 4060a2-4060b6 call 405f37 GetFileAttributesW 620->621 622 406083-40608a call 40699e 620->622 621->614 627 406091-406092 call 405f83 622->627 628 40608c-40608f 622->628 627->620 628->613 628->627
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00002000,004037B0,00468260,NSIS Error), ref: 00406675
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405FE2: CharNextW.USER32(?,?,C:\,?,00406056,C:\,C:\,?,?,75262EE0,00405D94,?,75263420,75262EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,?,?,75262EE0,00405D94,?,75263420,75262EE0,00000000), ref: 00406098
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,75262EE0,00405D94,?,75263420,75262EE0), ref: 004060A8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 3248276644-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: 77afb20a399829901eeb2616cf50406cf80fbc104d036c9dbef5b1c8f04b69ca
                                                                                                                                                                                                                                                                                                • Instruction ID: 0737f55430a313993fa73fc83ee1aa9f84f264a9a856b81b34839b93064caae8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 77afb20a399829901eeb2616cf50406cf80fbc104d036c9dbef5b1c8f04b69ca
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CDF07D26145A1215E621B2350C05BAF05158F82314B07063FFD53B22E1DF3C8973C53E
                                                                                                                                                                                                                                                                                                Function 00406536 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 630 406536-406568 call 4064d5 633 4065a6 630->633 634 40656a-406598 RegQueryValueExW RegCloseKey 630->634 636 4065aa-4065ac 633->636 634->633 635 40659a-40659e 634->635 635->636 637 4065a0-4065a4 635->637 637->633 637->636
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNEL32(?,?,00000000,?,?,?,00000000,?,?,?,?,Delete on reboot: ,?,?,0040679D,80000002), ref: 0040657C
                                                                                                                                                                                                                                                                                                • RegCloseKey.KERNEL32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,Delete on reboot: ,Delete on reboot: ,Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 00406587
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseQueryValue
                                                                                                                                                                                                                                                                                                • String ID: Delete on reboot:
                                                                                                                                                                                                                                                                                                • API String ID: 3356406503-2410499825
                                                                                                                                                                                                                                                                                                • Opcode ID: 550d5fe316565dec20d5196d1d20fe7c807bd52d6266540c79109f3c5ea7b4a7
                                                                                                                                                                                                                                                                                                • Instruction ID: 1fbcc26cc6b857459d5a583c8ac9bd3aa1479396c6e4517460947190b04d1158
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 550d5fe316565dec20d5196d1d20fe7c807bd52d6266540c79109f3c5ea7b4a7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8017C72500209FADF22CF51DD09EDB3BA8EF54364F01403AFD16A2190D738DA64DBA4
                                                                                                                                                                                                                                                                                                Function 00406187 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 638 406187-406193 639 406194-4061c8 GetTickCount GetTempFileNameW 638->639 640 4061d7-4061d9 639->640 641 4061ca-4061cc 639->641 643 4061d1-4061d4 640->643 641->639 642 4061ce 641->642 642->643
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 004061A5
                                                                                                                                                                                                                                                                                                • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040363E,004D1000,004D5000,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 004061C0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CountFileNameTempTick
                                                                                                                                                                                                                                                                                                • String ID: nsa
                                                                                                                                                                                                                                                                                                • API String ID: 1716503409-2209301699
                                                                                                                                                                                                                                                                                                • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                                                                                                                                                                                • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                                                                                                                                                                                                                                                                Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                                                                                                                                                                                                                                                                Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406133: GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406133: SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405F0E,?,?,?,?), ref: 00405D47
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E,?,?,?,?), ref: 00405D4F
                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1655745494-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                                                                                                                                                                                                • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                                                                                                                                                                                                                                                                Function 00403C25 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 20COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,004D5000,00403B71,?), ref: 00403C37
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,004D5000,00403B71,?), ref: 00403C4B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • C:\Users\user\AppData\Local\Temp\nss93A4.tmp\, xrefs: 00403C5B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                • String ID: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\
                                                                                                                                                                                                                                                                                                • API String ID: 2962429428-1341184729
                                                                                                                                                                                                                                                                                                • Opcode ID: b65d5125f7af19368a8f54306a96881eedfedc56b415c9f5f716045bb47441d2
                                                                                                                                                                                                                                                                                                • Instruction ID: 921610d4f61b2ce697996883f180282c4450b9c5674dcef84fe4429242fac5e3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b65d5125f7af19368a8f54306a96881eedfedc56b415c9f5f716045bb47441d2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 22E02C3240471892E124AF3CAE0D9853B284F003363208327F138F20F0C7389EAB8AAD
                                                                                                                                                                                                                                                                                                Function 0040459D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000408,?,00000000,004041FC), ref: 004045BB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID: x
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-2363233923
                                                                                                                                                                                                                                                                                                • Opcode ID: d45b2b099a9db55183290d305e1c8a4c381caf48d9a788f6232c56c47184b1fa
                                                                                                                                                                                                                                                                                                • Instruction ID: e07dcc7b07026b92a5f0f320dd63142a29bcaf1e01aca391c2fd268d2a253cf7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d45b2b099a9db55183290d305e1c8a4c381caf48d9a788f6232c56c47184b1fa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DC01272146600FBCA404B00EE04F067B21B7A4B02F2085BDF785240B48A708861DB0D
                                                                                                                                                                                                                                                                                                Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                • Opcode ID: bb1e4cebc5dcbbcc8da6da60d5f6c2def6aeab654d6aef171c0c34421c327544
                                                                                                                                                                                                                                                                                                • Instruction ID: 5b87ae666d03a85e0880c8fa6797b588b85de508064ca19fb956cb10fba5bdd7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bb1e4cebc5dcbbcc8da6da60d5f6c2def6aeab654d6aef171c0c34421c327544
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA317F70100219FFDB129F65ED85E9A3F68EF04355F10403AF905EA1A1D778DA50DBA9
                                                                                                                                                                                                                                                                                                Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 933049ac38a9dfba668b30bbb75d7fbb807da3e94af494bfd8c0503ec6455ea0
                                                                                                                                                                                                                                                                                                • Instruction ID: 78bdf42a2e7415e9e902a73772ee10ad2712d102aa3be259db39fbfb79589c6f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 933049ac38a9dfba668b30bbb75d7fbb807da3e94af494bfd8c0503ec6455ea0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4301F431621220DBE7195B389D15B2A3798E710714F10827FF855F65F1EA78CC029B5D
                                                                                                                                                                                                                                                                                                Function 0040579D Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • OleInitialize.OLE32(00000000), ref: 004057AD
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00404610: SendMessageW.USER32(?,?,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                • OleUninitialize.OLE32(00000404,00000000), ref: 004057F9
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2896919175-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c17e58c0715fda5e27fbb1d6d987873cc447976cbfa601eb2f41f7de6a344bdf
                                                                                                                                                                                                                                                                                                • Instruction ID: 1f09335cd6806d002052564a2774367b74bd17903a0f85d2dee97eff9fd6859b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c17e58c0715fda5e27fbb1d6d987873cc447976cbfa601eb2f41f7de6a344bdf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05F09077401600CAE6115B54AD09B1BB764EB84304F15447FEF89B32F2D7794C819A1C
                                                                                                                                                                                                                                                                                                Function 00406A71 Relevance: 3.0, APIs: 2, Instructions: 24windowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DispatchMessageW.USER32(?), ref: 00406A88
                                                                                                                                                                                                                                                                                                • PeekMessageW.USER32(?,00000000,?,?,00000001), ref: 00406A98
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Message$DispatchPeek
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1770753511-0
                                                                                                                                                                                                                                                                                                • Opcode ID: bdc6372236523eb985e0a70d8f5641f701835af90f775e297b88e253e9004784
                                                                                                                                                                                                                                                                                                • Instruction ID: 01d37a3be34916f82a060372738184f3c57e3809da656a1c73280bbea51b1a64
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bdc6372236523eb985e0a70d8f5641f701835af90f775e297b88e253e9004784
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ACE08673A00119AADA00BB999D05FCB77AC9F95750F014032FA01F7085D6B8E5128BB8
                                                                                                                                                                                                                                                                                                Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004069C5: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406A2B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2547128583-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a89557e88259ac32882439a66efe2bded2b7fe37332f597cb2162f61758b0433
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                                                                                                                                                                                                                                                                Function 00403C82 Relevance: 3.0, APIs: 2, Instructions: 19COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(?,75263420,00000000,75262EE0,00403C59,004D5000,00403B71,?), ref: 00403C9C
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(?), ref: 00403CA3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Free$GlobalLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1100898210-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 2a86947fa487daa32dcc43c26702b782f848b113cba98dbefa6102dc3ebead95
                                                                                                                                                                                                                                                                                                • Instruction ID: 939030b1e392061c62bfbe29faa39e1a18c0ad9d96dce6b22b968216b9e07afe
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2a86947fa487daa32dcc43c26702b782f848b113cba98dbefa6102dc3ebead95
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24E012335056206BD6215F55FF0875A776DAF45B2AF07403BE980BB26087785C424BD8
                                                                                                                                                                                                                                                                                                Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$AttributesCreate
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 415043291-0
                                                                                                                                                                                                                                                                                                • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                                                                                                • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                                                                                                                                                                                                                                                                Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000000), ref: 0040614C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                                                                • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                                                                                                                                                                                                                                                                Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,00403633,004D5000,004D5000,004D5000,004D5000,004D5000,00403923), ref: 00405C1C
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00405C2A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1375471231-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                                                                                                • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                                                                                                                                                                                                                                                                Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(?,?,?,?,00000000,004266F0,0041E6F0,004035F5,?,?,004034F9,004266F0,00004000,?,00000000,004033A3), ref: 004061EF
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileRead
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2738559852-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                                                                                                                                                                                                                                                                Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,?,?,00000000,0041F47C,0041E6F0,00403579,0041E6F0,0041F47C,004266F0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileWrite
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3934441357-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                                                                                                                                                                                                                                                                Function 004064D5 Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNEL32(00000000,?,00000000,?,?,?,?,?,00406563,?,?,?,?,Delete on reboot: ,?), ref: 004064F9
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                • Instruction ID: 5036765eb4ab6e58186d81024f5778724aa2024cd81e2e1d5ca813995cf5404a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BAD0123210020DBBDF115F90AD01FAB375DAB08310F018426FE06A4092D775D534A728
                                                                                                                                                                                                                                                                                                Function 00406428 Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000005,00405F26,?,00000000,000000F1,?,?,?,?,?), ref: 00406432
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: GetShortPathNameW.KERNEL32(?,0045EDE8,00000400), ref: 004062F2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: GetShortPathNameW.KERNEL32(?,0045F5E8,00000400), ref: 0040630F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: wsprintfA.USER32 ref: 0040632D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: GetFileSize.KERNEL32(00000000,00000000,0045F5E8,C0000000,00000004,0045F5E8,?), ref: 00406368
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406377
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004063AF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004062AE: SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,0045E9E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1930046112-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b93eef36521c53b9671f6bdb1d9590fd7c7e07a420c4cc51db7f113785248ed1
                                                                                                                                                                                                                                                                                                • Instruction ID: f01997076a5effdfc26615293055f86edba5e308ca0a5145d156283e7c9e339e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b93eef36521c53b9671f6bdb1d9590fd7c7e07a420c4cc51db7f113785248ed1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 36D09E32148201AEDA115B10DD05A1A7FA5EB94355F12C42EF589540B1D73584619F09
                                                                                                                                                                                                                                                                                                Function 004045C4 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004066A5: lstrcatW.KERNEL32(Delete on reboot: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004066A5: lstrlenW.KERNEL32(Delete on reboot: ,00000000,Delete on reboot: C:\Users\user\AppData\Local\Temp\nss93A4.tmp\,?), ref: 004068A4
                                                                                                                                                                                                                                                                                                • SetDlgItemTextW.USER32(?,?,00000000), ref: 004045DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 281422827-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 73b3e70f26523695344aa313222f8106b15ff01fe64d2e6c86eba35ea0453547
                                                                                                                                                                                                                                                                                                • Instruction ID: ac81fd1055ba0297197cac3df011722fda0f302089e5b839fe348bc6695a069d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 73b3e70f26523695344aa313222f8106b15ff01fe64d2e6c86eba35ea0453547
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 77C04C7554C300BFE641A755CC42F1FB799EF94319F04C92EB19DE11D1C63984309A2A
                                                                                                                                                                                                                                                                                                Function 00404610 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(?,?,00000000,00000000), ref: 00404622
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9c430a585af9dead0ced1b9af2f98ef41eb9ba8c771f5b32e4223fd7c27f5ad5
                                                                                                                                                                                                                                                                                                • Instruction ID: fa72961503f19785daae9782980f5036fb15b24dbeb52af421932fe0302741c0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c430a585af9dead0ced1b9af2f98ef41eb9ba8c771f5b32e4223fd7c27f5ad5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C6C08C70280A00BBDA108B108E04F023394A750701F144528B200E60E0DA74D000C61D
                                                                                                                                                                                                                                                                                                Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,004032F6,?), ref: 00403606
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FilePointer
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 973152223-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                                                                                                                                Function 004045F9 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: MessageSend
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3850602802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5a5c4a952826dcbd4dad185aa274d322bf5ed66f67c501ed72866704e0dbe47d
                                                                                                                                                                                                                                                                                                • Instruction ID: 5a30394b93e65fd8a17989e6605914f9aef953664f6616273aff2242651056bf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5a5c4a952826dcbd4dad185aa274d322bf5ed66f67c501ed72866704e0dbe47d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E5B01236186A00FBDE914B00DE0DF457E62F764701F008178F345240F0CEB204E4DB08
                                                                                                                                                                                                                                                                                                Function 004045E6 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • KiUserCallbackDispatcher.NTDLL(?,004043BD), ref: 004045F0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2492992576-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ae290c5a3a9bb10011a3cf71756f5d6e7621248849e07898e686139ae3f7abb2
                                                                                                                                                                                                                                                                                                • Instruction ID: b8cbf5b22e962298bdca335de0b5dd231d91e1f395c54b46411239c3469517a1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ae290c5a3a9bb10011a3cf71756f5d6e7621248849e07898e686139ae3f7abb2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1CA002754445009BDE015B51DF0DD057B71E7557057014579A54550034C6314460FB1D

                                                                                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                                                                                Function 042F1000 Relevance: .2, Instructions: 161COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000003.7443212354.00000000042F1000.00000004.00000020.00020000.00000000.sdmp, Offset: 042F1000, based on PE: false
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_42ef000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 7b85577ba2dd6a7cd97451b4d5bc7202f652245855232a3248a378e564cf8365
                                                                                                                                                                                                                                                                                                • Instruction ID: 48000e3bc9f094cd92202155a5cc3ff263a8d86ab579b2b08e3fba411c5e4960
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7b85577ba2dd6a7cd97451b4d5bc7202f652245855232a3248a378e564cf8365
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15712A9281E7C55ED71387749969784BFA5AF13228F1E43DBC0D08F1F3E268494AC722
                                                                                                                                                                                                                                                                                                Function 004062AE Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 130memorystringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,0045EDE8,00000400), ref: 004062F2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004060BD: lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000), ref: 004060CD
                                                                                                                                                                                                                                                                                                  • Part of subcall function 004060BD: lstrlenA.KERNEL32(?,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000), ref: 004060FF
                                                                                                                                                                                                                                                                                                • GetShortPathNameW.KERNEL32(?,0045F5E8,00000400), ref: 0040630F
                                                                                                                                                                                                                                                                                                • wsprintfA.USER32 ref: 0040632D
                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,0045F5E8,C0000000,00000004,0045F5E8,?), ref: 00406368
                                                                                                                                                                                                                                                                                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 00406377
                                                                                                                                                                                                                                                                                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004063AF
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(?,00000000,00000000,00000000,00000000,0045E9E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 00406416
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0040641D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406158: GetFileAttributesW.KERNEL32(?,00403113,004DD000,80000000,00000003), ref: 0040615C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 00406158: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                                                                                                                                • String ID: %ls=%ls$[Rename]$E
                                                                                                                                                                                                                                                                                                • API String ID: 2171350718-3393067000
                                                                                                                                                                                                                                                                                                • Opcode ID: 96ef83b9170a865a5eb3b19a585758a46a32d6a0681c1ff1afe85a7ee5a2d144
                                                                                                                                                                                                                                                                                                • Instruction ID: 42b546fa1c951d9ababbdf363c054459f9c5d3fee4263add73be13c6f7e09851
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 96ef83b9170a865a5eb3b19a585758a46a32d6a0681c1ff1afe85a7ee5a2d144
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 66314531100315BBD2206B619D48F5B3AACEF85705F16003AFE02FA2C3EA7CD92586BD
                                                                                                                                                                                                                                                                                                Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(00000000), ref: 00404686
                                                                                                                                                                                                                                                                                                • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                                                                                                                                                                                                                                                                • SetBkMode.GDI32(?,?), ref: 0040469E
                                                                                                                                                                                                                                                                                                • GetSysColor.USER32(?), ref: 004046B1
                                                                                                                                                                                                                                                                                                • SetBkColor.GDI32(?,?), ref: 004046C1
                                                                                                                                                                                                                                                                                                • DeleteObject.GDI32(?), ref: 004046DB
                                                                                                                                                                                                                                                                                                • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2320649405-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                                                                                                                                                                                                                                                                Function 004068EF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75263420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406952
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,?,00000000,?,0040361B,004D5000,004D5000,00403923), ref: 00406961
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,00000000,75263420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406966
                                                                                                                                                                                                                                                                                                • CharPrevW.USER32(?,?,75263420,004D5000,?,0040361B,004D5000,004D5000,00403923), ref: 00406979
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Char$Next$Prev
                                                                                                                                                                                                                                                                                                • String ID: *?|<>/":
                                                                                                                                                                                                                                                                                                • API String ID: 589700163-165019052
                                                                                                                                                                                                                                                                                                • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                                                                                                • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                                                                                                                                                                                                                                                                Function 00405FE2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(?,?,C:\,?,00406056,C:\,C:\,?,?,75262EE0,00405D94,?,75263420,75262EE0,00000000), ref: 00405FF0
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 00405FF5
                                                                                                                                                                                                                                                                                                • CharNextW.USER32(00000000), ref: 0040600D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CharNext
                                                                                                                                                                                                                                                                                                • String ID: C:\
                                                                                                                                                                                                                                                                                                • API String ID: 3213498283-3404278061
                                                                                                                                                                                                                                                                                                • Opcode ID: 57a0f749dedf01e66309fd0a2db08218b059d7c159d1474e7fdd1c0f95484055
                                                                                                                                                                                                                                                                                                • Instruction ID: 9591e5d2d6cc4da8a277cdd2950c9df49d0e6238b1c8fa324483ed042f0d35b3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57a0f749dedf01e66309fd0a2db08218b059d7c159d1474e7fdd1c0f95484055
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0F0F67188072555DF31FA5C4C54A7756BCEB54391B06803FE243B71C0D7F84CA086AA
                                                                                                                                                                                                                                                                                                Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000), ref: 004060CD
                                                                                                                                                                                                                                                                                                • lstrcmpiA.KERNEL32(?,?), ref: 004060E5
                                                                                                                                                                                                                                                                                                • CharNextA.USER32(?,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000), ref: 004060F6
                                                                                                                                                                                                                                                                                                • lstrlenA.KERNEL32(?,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000), ref: 004060FF
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 00000000.00000002.7459386749.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459296810.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459464211.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000040E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000412000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000416000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000041E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000043E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000045E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000471000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000475000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000047D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000489000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.000000000049D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.00000000004D9000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000641000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000645000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7459534605.0000000000649000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 00000000.00000002.7462165003.000000000080D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_0_2_400000_ccsetup624.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 190613189-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:0.7%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                Signature Coverage:15.3%
                                                                                                                                                                                                                                                                                                Total number of Nodes:378
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:17
                                                                                                                                                                                                                                                                                                execution_graph 51448 8ec8b9 51449 8ec8c2 51448->51449 51452 8ec8d8 51448->51452 51449->51452 51454 8ec8e5 51449->51454 51451 8ec8cf 51451->51452 51469 8eca87 15 API calls 51451->51469 51455 8ec8ee 51454->51455 51456 8ec8f1 51454->51456 51455->51451 51470 8f40d7 GetEnvironmentStringsW 51456->51470 51458 8ec8f7 51459 8ec8fd 51458->51459 51460 8ec909 51458->51460 51477 8ef461 14 API calls 51459->51477 51478 8ec93a 44 API calls 51460->51478 51463 8ec903 51463->51451 51464 8ec910 51479 8ef461 14 API calls 51464->51479 51466 8ec92d 51480 8ef461 14 API calls 51466->51480 51468 8ec933 51468->51451 51469->51452 51471 8f40e8 51470->51471 51472 8f40e6 51470->51472 51481 8ef49b 51471->51481 51472->51458 51474 8f40fd 51488 8ef461 14 API calls 51474->51488 51476 8f4117 FreeEnvironmentStringsW 51476->51458 51477->51463 51478->51464 51479->51466 51480->51468 51482 8ef4d9 51481->51482 51486 8ef4a9 51481->51486 51490 8d882d 14 API calls 51482->51490 51484 8ef4c4 RtlAllocateHeap 51485 8ef4d7 51484->51485 51484->51486 51485->51474 51486->51482 51486->51484 51489 8edf63 EnterCriticalSection LeaveCriticalSection 51486->51489 51488->51476 51489->51486 51490->51485 51491 8c5105 51492 8c511d 51491->51492 51493 8c5124 51492->51493 51514 8d3a91 51492->51514 51495 8c51c5 51517 8d4087 51495->51517 51497 8c514c 51497->51495 51530 8ebc63 44 API calls 51497->51530 51499 8c51cd 51521 8c54e0 51499->51521 51504 8c51fc 51507 8c5205 51504->51507 51531 8ed25a 25 API calls 51504->51531 51505 8c5282 51527 8ed2a5 51505->51527 51532 8d3a3c 80 API calls 51507->51532 51511 8c520e 51513 8c5290 51534 8d3a64 51514->51534 51542 8d57e0 51517->51542 51519 8d409a GetStartupInfoW 51520 8d40ad 51519->51520 51520->51499 51522 8c54f0 51521->51522 51523 8c51ef 51522->51523 51544 8c52e0 56 API calls 51522->51544 51525 8d40bd GetModuleHandleW 51523->51525 51526 8c51f4 51525->51526 51526->51504 51526->51505 51545 8ed08d 51527->51545 51530->51495 51531->51507 51532->51511 51533 8ed269 25 API calls 51533->51513 51535 8d3a7a 51534->51535 51536 8d3a73 51534->51536 51541 8edde4 47 API calls 51535->51541 51540 8edd67 47 API calls 51536->51540 51539 8d3a78 51539->51497 51540->51539 51541->51539 51543 8d57f7 51542->51543 51543->51519 51543->51543 51544->51522 51546 8ed0cc 51545->51546 51547 8ed0ba 51545->51547 51557 8ecf55 51546->51557 51572 8ed155 GetModuleHandleW 51547->51572 51550 8ed0bf 51550->51546 51573 8ed1ba GetModuleHandleExW 51550->51573 51552 8c5288 51552->51533 51556 8ed11e 51558 8ecf61 51557->51558 51579 8ed72e EnterCriticalSection 51558->51579 51560 8ecf6b 51580 8ecfa2 51560->51580 51562 8ecf78 51584 8ecf96 51562->51584 51565 8ed124 51614 8ed198 51565->51614 51568 8ed142 51570 8ed1ba 3 API calls 51568->51570 51569 8ed132 GetCurrentProcess TerminateProcess 51569->51568 51571 8ed14a ExitProcess 51570->51571 51572->51550 51574 8ed21a 51573->51574 51575 8ed1f9 GetProcAddress 51573->51575 51576 8ed0cb 51574->51576 51577 8ed220 FreeLibrary 51574->51577 51575->51574 51578 8ed20d 51575->51578 51576->51546 51577->51576 51578->51574 51579->51560 51581 8ecfae 51580->51581 51582 8ed015 51581->51582 51587 8edd7d 51581->51587 51582->51562 51613 8ed776 LeaveCriticalSection 51584->51613 51586 8ecf84 51586->51552 51586->51565 51588 8edd89 51587->51588 51591 8edad5 51588->51591 51590 8eddb0 51590->51582 51592 8edae1 51591->51592 51599 8ed72e EnterCriticalSection 51592->51599 51594 8edaef 51600 8edc8d 51594->51600 51598 8edb0d 51598->51590 51599->51594 51601 8edafc 51600->51601 51604 8edcac 51600->51604 51606 8edb24 LeaveCriticalSection 51601->51606 51602 8edd3a 51602->51601 51612 8ef461 14 API calls 51602->51612 51604->51601 51604->51602 51607 89e83a 51604->51607 51606->51598 51608 89e844 51607->51608 51609 89e850 ReleaseMutex 51608->51609 51610 89e85d FindCloseChangeNotification 51608->51610 51611 89e871 51608->51611 51609->51608 51610->51608 51611->51604 51612->51601 51613->51586 51619 8f235f 6 API calls 51614->51619 51616 8ed19d 51617 8ed12e 51616->51617 51618 8ed1a2 GetPEB 51616->51618 51617->51568 51617->51569 51618->51617 51619->51616 51620 88b043 51723 88b048 51620->51723 51621 88b248 51622 88b482 51621->51622 51733 89e875 86 API calls 51621->51733 51624 88b486 51622->51624 51625 88b4bc 51622->51625 51721 88b4b1 51624->51721 51734 89defb 51624->51734 51626 88b4f7 51625->51626 51630 88b53a CreateMutexW 51625->51630 51625->51721 51627 88b508 51626->51627 51780 8a622f 126 API calls 51626->51780 51645 88b524 51627->51645 51627->51721 51781 89e802 CreateEventW GetLastError 51627->51781 51633 88b568 51630->51633 51634 88b552 GetLastError 51630->51634 51633->51626 51639 88b577 51633->51639 51634->51626 51634->51633 51635 88b5be 51782 89fbec 9 API calls 51635->51782 51725 8a5b9a 51639->51725 51640 88bb2a 51643 88bb2e FreeLibrary 51640->51643 51644 88bb35 51640->51644 51641 88b5c8 51649 89defb 111 API calls 51641->51649 51641->51721 51643->51644 51646 89defb 111 API calls 51644->51646 51645->51635 51647 88b63d 51645->51647 51648 88b5b6 51645->51648 51645->51721 51659 88bb40 51646->51659 51650 88b650 51647->51650 51651 88b646 CloseHandle 51647->51651 51648->51635 51652 88b69a 51648->51652 51649->51721 51655 89e83a 2 API calls 51650->51655 51651->51650 51654 89defb 111 API calls 51652->51654 51653 88bb6d 51656 88bb73 CoUninitialize 51653->51656 51696 88bb79 51653->51696 51657 88b6bc 51654->51657 51658 88b65a 51655->51658 51656->51696 51661 89defb 111 API calls 51657->51661 51783 8a8608 51658->51783 51659->51653 51804 88bec1 74 API calls 51659->51804 51664 88b6c9 51661->51664 51663 88bb67 51805 8de9a7 29 API calls 51663->51805 51667 89defb 111 API calls 51664->51667 51670 88b6d6 51667->51670 51668 88b670 51788 8a3f51 126 API calls 51668->51788 51669 88b677 51789 8a3e25 120 API calls 51669->51789 51673 89defb 111 API calls 51670->51673 51675 88b6e3 51673->51675 51674 88b675 51676 89defb 111 API calls 51674->51676 51790 89facf 9 API calls 51675->51790 51678 88b68f 51676->51678 51678->51652 51682 88b79b 51678->51682 51679 88b6ee 51680 88b742 51679->51680 51681 88b6f2 51679->51681 51683 88b746 51680->51683 51700 88b6f6 51680->51700 51684 88b709 51681->51684 51681->51700 51688 88b7b9 51682->51688 51682->51721 51794 89facf 9 API calls 51683->51794 51791 89facf 9 API calls 51684->51791 51687 88b711 51691 88b71f 51687->51691 51687->51700 51797 89ba23 397 API calls 51688->51797 51689 89defb 111 API calls 51689->51721 51690 88b74e 51693 88b75c 51690->51693 51690->51700 51792 89facf 9 API calls 51691->51792 51795 89facf 9 API calls 51693->51795 51697 88b7be 51703 88b7df 51697->51703 51697->51721 51698 88b764 51698->51700 51701 88b76d 51698->51701 51699 88b727 51699->51700 51702 88b735 51699->51702 51700->51689 51796 8901b2 140 API calls 51701->51796 51793 88f844 144 API calls 51702->51793 51798 88bf35 CreateFileW GetLastError Sleep GetLastError 51703->51798 51707 88b740 51711 89defb 111 API calls 51707->51711 51708 88b7e8 51709 88b80f 51708->51709 51710 88b7f3 51708->51710 51799 8a1b1e 68 API calls 51709->51799 51712 88b801 CloseHandle 51710->51712 51710->51721 51711->51682 51712->51721 51714 88b819 51714->51710 51715 88b820 LoadLibraryW 51714->51715 51716 88b832 GetLastError 51715->51716 51717 88b856 GetProcAddress 51715->51717 51718 88b848 CloseHandle 51716->51718 51716->51721 51717->51716 51719 88b866 51717->51719 51718->51721 51720 88b879 CloseHandle 51719->51720 51719->51721 51720->51721 51800 89e3a4 51721->51800 51722 8dd493 45 API calls 51722->51723 51723->51620 51723->51621 51723->51722 51724 8de616 45 API calls 51723->51724 51724->51723 51726 8a8608 9 API calls 51725->51726 51727 8a5baf 51726->51727 51728 8a5bb9 51727->51728 51729 8a5bc0 51727->51729 51806 8a54a3 51728->51806 51859 8a5193 123 API calls 51729->51859 51732 8a5bbe 51732->51721 51733->51622 51735 89df0a 51734->51735 51894 88aa2d 51735->51894 51737 89dfb6 51901 8d42c3 51737->51901 51738 89df3e 51738->51737 51904 8dd075 47 API calls 51738->51904 51740 89e32a 51740->51721 51742 89df8f 51905 8e1b84 15 API calls 51742->51905 51744 89dfa7 51744->51737 51906 8dd0b6 47 API calls 51744->51906 51746 89dfe0 GetCurrentProcessId 51907 88a284 47 API calls 51746->51907 51748 89e00c 51908 88bd93 72 API calls 51748->51908 51750 89e02f 51751 89e04b 51750->51751 51909 88bec1 74 API calls 51750->51909 51753 89e2ad 51751->51753 51755 88aa2d 61 API calls 51751->51755 51754 89e2b1 OutputDebugStringW 51753->51754 51759 89e2bd 51753->51759 51754->51759 51756 89e065 51755->51756 51756->51759 51765 89e081 51756->51765 51757 89e2fc CloseHandle 51758 89e303 51757->51758 51758->51737 51914 8dd3d7 14 API calls 51758->51914 51759->51757 51759->51758 51761 89e08d CreateFileW 51761->51765 51762 89e0c5 GetLastError 51763 89e0ea GetLastError 51762->51763 51762->51765 51766 89e11e 51763->51766 51767 89e0f7 WriteFile 51763->51767 51764 89e0dd Sleep 51764->51756 51765->51759 51765->51761 51765->51762 51765->51764 51768 89e124 WriteFile GetFileSizeEx 51766->51768 51767->51768 51769 89e153 51768->51769 51770 89e27b 51768->51770 51769->51770 51910 89dbad 61 API calls 51769->51910 51770->51753 51772 89e193 51911 889299 61 API calls 51772->51911 51774 89e1ab 51912 8e1b84 15 API calls 51774->51912 51776 89e1f4 51777 89e25b NtSetInformationFile 51776->51777 51779 89e1fb 51776->51779 51913 8dd3d7 14 API calls 51777->51913 51779->51757 51780->51627 51781->51645 51782->51641 51784 8d57e0 51783->51784 51785 8a864b VerSetConditionMask VerSetConditionMask VerSetConditionMask VerifyVersionInfoW 51784->51785 51786 8d360d 5 API calls 51785->51786 51787 88b669 51786->51787 51787->51668 51787->51669 51788->51674 51789->51674 51790->51679 51791->51687 51792->51699 51793->51707 51794->51690 51795->51698 51796->51707 51797->51697 51798->51708 51799->51714 51801 89defb 111 API calls 51800->51801 51802 88baff 51801->51802 51803 89e418 111 API calls 51802->51803 51803->51640 51804->51663 51805->51653 51807 8a54b4 51806->51807 51808 89e3a4 111 API calls 51807->51808 51809 8a54e2 51808->51809 51810 89e3a4 111 API calls 51809->51810 51811 8a5500 51810->51811 51860 8a3c83 51811->51860 51814 8a555a 51864 8a859d 51814->51864 51816 8a556f SysFreeString 51818 8a55a9 51816->51818 51821 8a5ac0 VariantClear 51816->51821 51819 8a859d 4 API calls 51818->51819 51820 8a55c5 SysFreeString 51819->51820 51820->51821 51832 8a55fd 51820->51832 51875 89e418 111 API calls 51821->51875 51825 8a5b80 51876 89e418 111 API calls 51825->51876 51827 8a5b8f 51877 8fa8ff IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 51827->51877 51830 8a5752 51830->51821 51831 8a579a GetSystemTime SystemTimeToFileTime 51830->51831 51831->51821 51833 8a57c3 FileTimeToSystemTime 51831->51833 51832->51821 51832->51830 51837 8a570a VariantClear 51832->51837 51833->51821 51834 8a57f8 51833->51834 51870 88a284 47 API calls 51834->51870 51836 8a583b 51838 8a859d 4 API calls 51836->51838 51837->51832 51839 8a585b SysFreeString 51838->51839 51839->51821 51841 8a588c 51839->51841 51842 8a58bc 51841->51842 51843 8a59b5 51841->51843 51871 8a8512 HeapAlloc VariantClear SysAllocString SysFreeString RaiseException 51842->51871 51873 8a8512 HeapAlloc VariantClear SysAllocString SysFreeString RaiseException 51843->51873 51846 8a58cd 51872 8a8512 HeapAlloc VariantClear SysAllocString SysFreeString RaiseException 51846->51872 51847 8a59c6 51874 8a8512 HeapAlloc VariantClear SysAllocString SysFreeString RaiseException 51847->51874 51850 8a59f6 51852 8a859d 4 API calls 51850->51852 51851 8a58fe 51853 8a859d 4 API calls 51851->51853 51854 8a5a23 SysFreeString VariantClear 51852->51854 51855 8a592b SysFreeString VariantClear 51853->51855 51858 8a5aa6 VariantClear 51854->51858 51855->51858 51858->51821 51859->51732 51861 8a3c8e 51860->51861 51862 8a3c93 VariantInit 51860->51862 51878 8a3b74 51861->51878 51862->51814 51862->51821 51865 8a85b3 SysAllocString 51864->51865 51866 8a85a9 51864->51866 51865->51866 51867 8a85c2 51865->51867 51866->51816 51893 88a64c HeapAlloc RaiseException 51867->51893 51869 8a85cc VariantClear 51869->51816 51870->51836 51871->51846 51872->51851 51873->51847 51874->51850 51875->51825 51876->51827 51879 8a3b82 51878->51879 51880 89e3a4 111 API calls 51879->51880 51881 8a3b9a 51880->51881 51882 8a8608 9 API calls 51881->51882 51883 8a3ba7 51882->51883 51884 8a3c4c CoCreateInstance 51883->51884 51885 8a3bb0 VariantInit CoCreateInstance 51883->51885 51888 8a3c68 51884->51888 51886 8a3bf7 VariantClear 51885->51886 51887 8a3be7 VariantClear 51885->51887 51886->51888 51887->51888 51892 89e418 111 API calls 51888->51892 51891 8a3c7b 51891->51862 51892->51891 51893->51869 51915 88a916 51894->51915 51896 88aa5b 51897 88aa7f 51896->51897 51898 88aa61 51896->51898 51930 88a64c HeapAlloc RaiseException 51897->51930 51898->51738 51900 88aa89 51935 8d360d 51901->51935 51903 8d42cd 51903->51903 51904->51742 51905->51744 51906->51746 51907->51748 51908->51750 51909->51751 51910->51772 51911->51774 51912->51776 51913->51770 51914->51737 51916 88a922 51915->51916 51917 88a985 51916->51917 51931 8d375c 6 API calls 51916->51931 51919 88a9fe 51917->51919 51933 8d375c 6 API calls 51917->51933 51919->51896 51920 88a943 51920->51917 51922 88a94d GetProcessHeap 51920->51922 51924 8d3a91 47 API calls 51922->51924 51923 88a99e 51923->51919 51926 8d3a91 47 API calls 51923->51926 51925 88a975 51924->51925 51932 8d3712 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51925->51932 51928 88a9f4 51926->51928 51934 8d3712 EnterCriticalSection LeaveCriticalSection RtlWakeAllConditionVariable SetEvent ResetEvent 51928->51934 51930->51900 51931->51920 51932->51917 51933->51923 51934->51919 51936 8d3615 51935->51936 51937 8d3616 IsProcessorFeaturePresent 51935->51937 51936->51903 51939 8d3ae3 51937->51939 51942 8d3aa6 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 51939->51942 51941 8d3bc6 51941->51903 51942->51941 51943 8c5241 51944 8d40bd GetModuleHandleW 51943->51944 51945 8c5249 51944->51945 51946 8c5258 51945->51946 51950 8ed24b 25 API calls 51945->51950 51951 8ed269 25 API calls 51946->51951 51948 8c5290 51950->51946 51951->51948

                                                                                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                                                                                Function 008A54A3 Relevance: 30.2, APIs: 14, Strings: 3, Instructions: 480timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 371 8a54a3-8a5554 call 8fa921 call 89e3a4 * 2 call 8a3c83 VariantInit 380 8a555a-8a55a3 call 8a859d SysFreeString 371->380 381 8a5ac6-8a5ace 371->381 393 8a55a9-8a55f7 call 8a859d SysFreeString 380->393 394 8a5ac0 380->394 382 8a5ae0 381->382 383 8a5ad0-8a5ade 381->383 385 8a5ae2-8a5aea 382->385 383->385 388 8a5af8-8a5b00 385->388 389 8a5aec-8a5af2 385->389 391 8a5b0e-8a5b16 388->391 392 8a5b02-8a5b08 388->392 389->388 395 8a5b18-8a5b1e 391->395 396 8a5b24-8a5b2c 391->396 392->391 393->394 413 8a55fd-8a560b 393->413 394->381 395->396 400 8a5b3a-8a5b42 396->400 401 8a5b2e-8a5b34 396->401 404 8a5b50-8a5b52 400->404 405 8a5b44-8a5b4a 400->405 401->400 406 8a5b5a-8a5b99 VariantClear call 89e418 * 2 call 8fa8ff 404->406 407 8a5b54-8a5b56 404->407 405->404 407->406 416 8a5610-8a5618 413->416 416->394 418 8a561e-8a5639 416->418 418->394 421 8a563f-8a5660 418->421 421->394 423 8a5666-8a5675 421->423 424 8a567b-8a5697 423->424 425 8a5752-8a576f 423->425 428 8a573f-8a574c 424->428 429 8a569d-8a56b8 424->429 425->394 430 8a5775-8a5794 425->430 428->424 428->425 433 8a56ba-8a56c1 429->433 434 8a5728-8a5730 429->434 430->394 435 8a579a-8a57bd GetSystemTime SystemTimeToFileTime 430->435 433->434 436 8a56c3-8a5727 VariantClear 433->436 434->428 438 8a5732-8a5738 434->438 435->394 437 8a57c3-8a57f2 FileTimeToSystemTime 435->437 436->434 437->394 439 8a57f8-8a5886 call 88a284 call 8a859d SysFreeString 437->439 438->428 439->394 448 8a588c-8a58b6 439->448 450 8a58bc-8a59b0 call 8a8512 * 2 call 8a859d SysFreeString VariantClear 448->450 451 8a59b5-8a5aa0 call 8a8512 * 2 call 8a859d SysFreeString VariantClear 448->451 466 8a5aa6-8a5aba VariantClear 450->466 451->466 466->394
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 008A5548
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A5596
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: SysAllocString.OLEAUT32(00000000), ref: 008A85B6
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: VariantClear.OLEAUT32 ref: 008A85F0
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A55EA
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A5715
                                                                                                                                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 008A57A1
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 008A57B5
                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 008A57EA
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A5879
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A598D
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A59A4
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A5A83
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A5A9A
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A5AA7
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A5B6B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Variant$ClearString$FreeTime$System$File$AllocInit
                                                                                                                                                                                                                                                                                                • String ID: %04hu-%02hu-%02huT%02hu:%02hu:%02huZ$PrepareOnceTriggerAfter_2$System
                                                                                                                                                                                                                                                                                                • API String ID: 2914312329-1905087579
                                                                                                                                                                                                                                                                                                • Opcode ID: 330bdf963742dc3f95c6893072787eae18a25c65011ff5482e22ef9c7990b2e8
                                                                                                                                                                                                                                                                                                • Instruction ID: 33d75d91ddffc257fb1117473c1b25bf30d34090cf62cbe04ffa63aa82443dc6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 330bdf963742dc3f95c6893072787eae18a25c65011ff5482e22ef9c7990b2e8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6722E371901629DFEB65DF64CC44BDABBB9BF0A300F0081D9E909AB251DB719E84CF61
                                                                                                                                                                                                                                                                                                Function 008A3B74 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101comCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A8608: VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 008A866B
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A8608: VerSetConditionMask.NTDLL(00000000), ref: 008A866F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A8608: VerSetConditionMask.NTDLL(00000000), ref: 008A8673
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A8608: VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 008A8695
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 008A3BBD
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00904B08,00000000,00000017,00904AD8,009262C4,?,008A4107,RegisterJob_1,?), ref: 008A3BDA
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A3BEF
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A3C3E
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00904A98,00000000,00000017,00904AA8,009262C4,PrepareSchedulerInterface,00000000,00000020,00000008,008A3C93,?,008A4107,RegisterJob_1,?), ref: 008A3C5F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • PrepareSchedulerInterface, xrefs: 008A3B8D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ConditionMaskVariant$ClearCreateInstance$InfoInitVerifyVersion
                                                                                                                                                                                                                                                                                                • String ID: PrepareSchedulerInterface
                                                                                                                                                                                                                                                                                                • API String ID: 986233835-1452121817
                                                                                                                                                                                                                                                                                                • Opcode ID: e83bb6849cd7ef63350a216afcd1810f084bd70b09ebf2784f45c4f6ecf6767d
                                                                                                                                                                                                                                                                                                • Instruction ID: bddf3202ce1e19de12f1c17f3ddb39b601b13d405b3e5c7a6791734d73e962ab
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e83bb6849cd7ef63350a216afcd1810f084bd70b09ebf2784f45c4f6ecf6767d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FE318172A50618AEEB11EBB8DD06BEEB775FF45710F510018FA01FB1D1CAB55B048792
                                                                                                                                                                                                                                                                                                Function 0088B043 Relevance: 91.7, APIs: 11, Strings: 41, Instructions: 720COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$/applycab$/applydiff$/applydll$/applypatch$/applyupdate$/autoversion$/checkreg$/creatediff$/debug$/debugdbgout$/debugfile$/emupdater$/installer$/nokeypress$/offlinexml$/reg$/start$/unreg$/updater$An Administrator or LocalSystem account required!$ApplyEmUpdate$Diff file: %s$Diff file: %s missing$Done with %s$File %s already exists$FreeSchedulerInterface$Global\CCleanerSetupMutex$Going to %s %s file$Job "%s" started manually with status:%li$New file: %s$New file: %s missing$Old file: %s$Old file: %s missing$_tWinMain final result: %u$apply$create$diff$failure$success$usage: %s %s old_file new_file diff_file
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-1244854605
                                                                                                                                                                                                                                                                                                • Opcode ID: 34d77e476575b13a7a75d897e1de9cee170fce487c4750c83c4007ae50cfffd0
                                                                                                                                                                                                                                                                                                • Instruction ID: 3f72dedf88259bd5df3f5b2f061a055df403eb164753f69e88407ca0f5a1047e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 34d77e476575b13a7a75d897e1de9cee170fce487c4750c83c4007ae50cfffd0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E342E4309083569FDF25FBA8C856BAD7BA1FF92314F14416AE400EB2E3DB716901DB16
                                                                                                                                                                                                                                                                                                Function 0088B5EC Relevance: 29.9, APIs: 3, Strings: 14, Instructions: 154COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 467 88b5ec-88b614 call 8a5d36 call 8a873a call 89defb 474 88b616-88b634 call 8a5168 call 89defb 467->474 475 88b637-88b63b 467->475 474->475 476 88b63d-88b644 475->476 477 88b692-88b694 475->477 479 88b650-88b66e call 89e83a call 8a8608 476->479 480 88b646-88b649 CloseHandle 476->480 482 88b69a-88b6f0 call 89defb * 4 call 89facf 477->482 483 88b79d-88b7a1 477->483 505 88b670-88b675 call 8a3f51 479->505 506 88b677 call 8a3e25 479->506 480->479 534 88b742-88b744 482->534 535 88b6f2-88b6f4 482->535 486 88bae4 483->486 487 88b7a7-88b7ab 483->487 489 88bae7-88bb0b call 89e3a4 486->489 487->486 492 88b7b1-88b7b3 487->492 502 88bb1a-88bb2c call 89e418 489->502 503 88bb0d-88bb13 489->503 492->486 497 88b7b9-88b7c2 call 89ba23 492->497 497->486 512 88b7c8-88b7d9 497->512 522 88bb2e-88bb2f FreeLibrary 502->522 523 88bb35-88bb49 call 89defb 502->523 503->502 518 88b67c-88b68f call 89defb 505->518 506->518 519 88b7df-88b7f1 call 88bf35 512->519 520 88b4b4-88b4b7 512->520 518->477 532 88b80f-88b81e call 8a1b1e 519->532 533 88b7f3-88b7fb 519->533 520->486 522->523 536 88bb4b-88bb52 523->536 537 88bb6d-88bb71 523->537 532->533 555 88b820-88b830 LoadLibraryW 532->555 533->486 540 88b801-88b80a CloseHandle 533->540 542 88b6f6-88b6f9 534->542 543 88b746-88b750 call 89facf 534->543 535->542 544 88b709-88b713 call 89facf 535->544 536->537 545 88bb54-88bb5b 536->545 538 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 537->538 539 88bb73 CoUninitialize 537->539 539->538 540->486 549 88b6fe-88b704 call 89defb 542->549 565 88b75c-88b766 call 89facf 543->565 566 88b752-88b75a 543->566 559 88b71f-88b72c call 89facf 544->559 560 88b715-88b71d 544->560 545->537 551 88bb5d-88bb68 call 88bec1 call 8de9a7 545->551 549->486 551->537 562 88b832-88b842 GetLastError 555->562 563 88b856-88b864 GetProcAddress 555->563 580 88b72e-88b733 559->580 581 88b735-88b740 call 88f844 559->581 560->549 562->489 571 88b848-88b851 CloseHandle 562->571 563->562 572 88b866-88b877 call 8a9058 563->572 578 88b768-88b76b 565->578 579 88b76d-88b77d call 8901b2 565->579 566->549 571->489 584 88b879-88b87e CloseHandle 572->584 585 88b882-88b897 572->585 578->580 594 88b77e-88b79c call 89defb 579->594 580->549 581->594 584->585 596 88b899 585->596 597 88b8a1-88b8a8 585->597 594->483 601 88b89b-88b89c 596->601 602 88b8aa-88b8ac 597->602 603 88b8ae-88b8b2 597->603 601->489 602->601 606 88b8c4-88b8cb call 8aa13b 603->606 607 88b8b4-88b8c2 call 8b39d1 603->607 613 88b8d0-88b8d3 606->613 607->613 613->489
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A873A: GetModuleFileNameW.KERNEL32(00000000,?,00000104,00000214,0088B5FE), ref: 008A8760
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 0088B647
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseFileFreeHandleLibraryModuleName
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$Diff file: %s$FreeSchedulerInterface$Going to %s %s file$Job "%s" registered with status:%li$Job "%s" started manually with status:%li$Job "%s" unregistered with status:%li$New file: %s$Old file: %s$Old file: %s missing$_tWinMain final result: %u$apply$create$diff
                                                                                                                                                                                                                                                                                                • API String ID: 3663073511-2609970337
                                                                                                                                                                                                                                                                                                • Opcode ID: cae880b9279b75ee311e51a1854b985632875ae7ad6dae242ad67cb67de27c9b
                                                                                                                                                                                                                                                                                                • Instruction ID: b87ba25e7b6e54b38f156858ead633a00fe4ea700e661eaca0ec49958eb242d0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cae880b9279b75ee311e51a1854b985632875ae7ad6dae242ad67cb67de27c9b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B251C330909286DFDF28FBA8DD5ABAC7B60FF91318F184058F401AB1D2CB615D05EB22
                                                                                                                                                                                                                                                                                                Function 0088B8EF Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 150COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 616 88b8ef-88b8f1 617 88b8fb-88b903 616->617 618 88b8f3-88b8f9 616->618 619 88b909-88b913 617->619 618->619 621 88b916 call 89facf 619->621 622 88b91b-88b91d 621->622 623 88b938-88b974 call 889396 call 88a5c2 call 88bd07 call 8d4aca 622->623 624 88b91f-88b933 call 89defb 622->624 644 88b97a-88b985 623->644 645 88ba03-88ba09 623->645 629 88bae4-88bb0b call 89e3a4 624->629 637 88bb1a-88bb2c call 89e418 629->637 638 88bb0d-88bb13 629->638 649 88bb2e-88bb2f FreeLibrary 637->649 650 88bb35-88bb49 call 89defb 637->650 638->637 644->645 646 88b987-88b9b1 call 88bbee call 88943e call 88aa0b 644->646 647 88bac9-88bad0 645->647 648 88ba0f-88ba5e 645->648 646->645 647->629 654 88bad2-88bad4 647->654 648->647 649->650 660 88bb4b-88bb52 650->660 661 88bb6d-88bb71 650->661 654->629 658 88bad6-88bad8 654->658 658->629 662 88bada-88badd 658->662 660->661 667 88bb54-88bb5b 660->667 665 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 661->665 666 88bb73 CoUninitialize 661->666 662->629 663 88badf 662->663 663->629 668 88badf call 88aec1 663->668 666->665 667->661 671 88bb5d-88bb68 call 88bec1 call 8de9a7 667->671 668->629 671->661
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Press any key to exit console..., xrefs: 0088BB5D
                                                                                                                                                                                                                                                                                                • Cannot open offline XML descriptor %s: %li, xrefs: 0088B926
                                                                                                                                                                                                                                                                                                • file://, xrefs: 0088B949
                                                                                                                                                                                                                                                                                                • FreeSchedulerInterface, xrefs: 0088BAF2
                                                                                                                                                                                                                                                                                                • _tWinMain final result: %u, xrefs: 0088BB36
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$Cannot open offline XML descriptor %s: %li$FreeSchedulerInterface$_tWinMain final result: %u$file://
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-210552803
                                                                                                                                                                                                                                                                                                • Opcode ID: f998da079f96494cd17cd4e15cd694539064290b667748f7e94aeea2f9d15d26
                                                                                                                                                                                                                                                                                                • Instruction ID: 8ef4a651c3bfde0b6a00bd1d0ea5a158dffd6fbaa8a7d9b281d13af27edc298d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f998da079f96494cd17cd4e15cd694539064290b667748f7e94aeea2f9d15d26
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F51B430909285DEDF28FBA8D99ABADBB71FF91318F144059E001EB1E2CB701E05DB12
                                                                                                                                                                                                                                                                                                Function 0088BA3C Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 709 88ba3c-88ba42 710 88ba48-88ba5e call 89defb 709->710 711 88bac9-88bad0 709->711 710->711 713 88bad2-88bad4 711->713 714 88bae4-88bb0b call 89e3a4 711->714 713->714 717 88bad6-88bad8 713->717 725 88bb1a-88bb2c call 89e418 714->725 726 88bb0d-88bb13 714->726 717->714 720 88bada-88badd 717->720 720->714 721 88badf 720->721 721->714 724 88badf call 88aec1 721->724 724->714 731 88bb2e-88bb2f FreeLibrary 725->731 732 88bb35-88bb49 call 89defb 725->732 726->725 731->732 735 88bb4b-88bb52 732->735 736 88bb6d-88bb71 732->736 735->736 739 88bb54-88bb5b 735->739 737 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 736->737 738 88bb73 CoUninitialize 736->738 738->737 739->736 741 88bb5d-88bb68 call 88bec1 call 8de9a7 739->741 741->736
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Error applying patches status:%li, xrefs: 0088BA49
                                                                                                                                                                                                                                                                                                • Press any key to exit console..., xrefs: 0088BB5D
                                                                                                                                                                                                                                                                                                • FreeSchedulerInterface, xrefs: 0088BAF2
                                                                                                                                                                                                                                                                                                • _tWinMain final result: %u, xrefs: 0088BB36
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$Error applying patches status:%li$FreeSchedulerInterface$_tWinMain final result: %u
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-3248502620
                                                                                                                                                                                                                                                                                                • Opcode ID: 0c6df5897a87e61f68250ab7e878f4227dcab2015fd03df1b86fa30c51c41594
                                                                                                                                                                                                                                                                                                • Instruction ID: 8cb41e7502994cd984a3c35887e1b46b1ab75fa93904d2ba3fadb85b6f06547d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c6df5897a87e61f68250ab7e878f4227dcab2015fd03df1b86fa30c51c41594
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B441B230915289DEDF28FBA8C999BEDBB60FF51318F144059D001AB1D2CB711E49DB12
                                                                                                                                                                                                                                                                                                Function 0088BAAE Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 810 88baae-88bab2 811 88bac9-88bad0 810->811 812 88bab4-88baba 810->812 813 88bad2-88bad4 811->813 814 88bae4-88bb0b call 89e3a4 811->814 812->811 815 88babc-88bac8 call 89defb 812->815 813->814 817 88bad6-88bad8 813->817 826 88bb1a-88bb2c call 89e418 814->826 827 88bb0d-88bb13 814->827 815->811 817->814 821 88bada-88badd 817->821 821->814 822 88badf 821->822 822->814 825 88badf call 88aec1 822->825 825->814 831 88bb2e-88bb2f FreeLibrary 826->831 832 88bb35-88bb49 call 89defb 826->832 827->826 831->832 835 88bb4b-88bb52 832->835 836 88bb6d-88bb71 832->836 835->836 839 88bb54-88bb5b 835->839 837 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 836->837 838 88bb73 CoUninitialize 836->838 838->837 839->836 841 88bb5d-88bb68 call 88bec1 call 8de9a7 839->841 841->836
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Error applying patches status:%li, xrefs: 0088BABD
                                                                                                                                                                                                                                                                                                • Press any key to exit console..., xrefs: 0088BB5D
                                                                                                                                                                                                                                                                                                • FreeSchedulerInterface, xrefs: 0088BAF2
                                                                                                                                                                                                                                                                                                • _tWinMain final result: %u, xrefs: 0088BB36
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$Error applying patches status:%li$FreeSchedulerInterface$_tWinMain final result: %u
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-3248502620
                                                                                                                                                                                                                                                                                                • Opcode ID: b9e1a522fbb2fcc81ec806cf43bc6ae18f55371de051e40a735926cf357d770c
                                                                                                                                                                                                                                                                                                • Instruction ID: ccef5d0547b8cd2a99d5a85cd8f784cffe0cf47499aceda231eab70e6964953b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9e1a522fbb2fcc81ec806cf43bc6ae18f55371de051e40a735926cf357d770c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5231AF3091529ADEDF29FBA8CAA9BEDBB60FF51318F144059D001AB1D2CB711E49DB12
                                                                                                                                                                                                                                                                                                Function 0088BA76 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 93COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 760 88ba76-88bad0 call 89defb call 8a5b9a 767 88bad2-88bad4 760->767 768 88bae4-88bb0b call 89e3a4 760->768 767->768 770 88bad6-88bad8 767->770 776 88bb1a-88bb2c call 89e418 768->776 777 88bb0d-88bb13 768->777 770->768 772 88bada-88badd 770->772 772->768 773 88badf 772->773 773->768 775 88badf call 88aec1 773->775 775->768 781 88bb2e-88bb2f FreeLibrary 776->781 782 88bb35-88bb49 call 89defb 776->782 777->776 781->782 785 88bb4b-88bb52 782->785 786 88bb6d-88bb71 782->786 785->786 789 88bb54-88bb5b 785->789 787 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 786->787 788 88bb73 CoUninitialize 786->788 788->787 789->786 791 88bb5d-88bb68 call 88bec1 call 8de9a7 789->791 791->786
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Press any key to exit console..., xrefs: 0088BB5D
                                                                                                                                                                                                                                                                                                • Cannot download update descriptor status:%li, xrefs: 0088BA77
                                                                                                                                                                                                                                                                                                • FreeSchedulerInterface, xrefs: 0088BAF2
                                                                                                                                                                                                                                                                                                • _tWinMain final result: %u, xrefs: 0088BB36
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$Cannot download update descriptor status:%li$FreeSchedulerInterface$_tWinMain final result: %u
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-3517245302
                                                                                                                                                                                                                                                                                                • Opcode ID: d875c90f8a53f1962fcba4eee03681370fde8a4a3ca7a3905f03a2fe2295ea4f
                                                                                                                                                                                                                                                                                                • Instruction ID: 9283b3c0aca59d0514005e5fcdab1c0a733310bd8177f5cbe337d31e030328b6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d875c90f8a53f1962fcba4eee03681370fde8a4a3ca7a3905f03a2fe2295ea4f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68319330915289DEDF28FBA8DA99BED7B70FF51318F14405DE0019B1D2CB751A45DB12
                                                                                                                                                                                                                                                                                                Function 0088BA9B Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 860 88ba9b-88bad0 call 89defb 865 88bad2-88bad4 860->865 866 88bae4-88bb0b call 89e3a4 860->866 865->866 868 88bad6-88bad8 865->868 874 88bb1a-88bb2c call 89e418 866->874 875 88bb0d-88bb13 866->875 868->866 870 88bada-88badd 868->870 870->866 871 88badf 870->871 871->866 873 88badf call 88aec1 871->873 873->866 879 88bb2e-88bb2f FreeLibrary 874->879 880 88bb35-88bb49 call 89defb 874->880 875->874 879->880 883 88bb4b-88bb52 880->883 884 88bb6d-88bb71 880->884 883->884 887 88bb54-88bb5b 883->887 885 88bb79-88bbeb call 88aa0b * 7 call 8d42a0 884->885 886 88bb73 CoUninitialize 884->886 886->885 887->884 889 88bb5d-88bb68 call 88bec1 call 8de9a7 887->889 889->884
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,FreeSchedulerInterface,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                • CoUninitialize.OLE32(?,?,?,FreeSchedulerInterface,?), ref: 0088BB73
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Press any key to exit console..., xrefs: 0088BB5D
                                                                                                                                                                                                                                                                                                • No update available, xrefs: 0088BA9B
                                                                                                                                                                                                                                                                                                • FreeSchedulerInterface, xrefs: 0088BAF2
                                                                                                                                                                                                                                                                                                • _tWinMain final result: %u, xrefs: 0088BB36
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibraryUninitialize
                                                                                                                                                                                                                                                                                                • String ID: Press any key to exit console...$FreeSchedulerInterface$No update available$_tWinMain final result: %u
                                                                                                                                                                                                                                                                                                • API String ID: 2820425437-1911703095
                                                                                                                                                                                                                                                                                                • Opcode ID: 6969bdbcb478cfe9e14df79a0e6db4806e3df80449b05b80990554d48767450f
                                                                                                                                                                                                                                                                                                • Instruction ID: a481c17b2e7cf38ed3a3e6975e29058fa0d1b161003bfec76e385e5469429e74
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6969bdbcb478cfe9e14df79a0e6db4806e3df80449b05b80990554d48767450f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531913091528ADEDF28FBA8D699BECBB70FF51318F244059D001AB1D2CB711A49DB12
                                                                                                                                                                                                                                                                                                Function 008ED124 Relevance: 4.5, APIs: 3, Instructions: 15COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,008ED11E,00000000,008D8532,?,?,01348D3A,008D8532,?), ref: 008ED135
                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,008ED11E,00000000,008D8532,?,?,01348D3A,008D8532,?), ref: 008ED13C
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32 ref: 008ED14E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1703294689-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 120dfdf87a9610f26dc3484bf5a18f49d2a7dd17a59b1a6cc8ac43fa93a2b317
                                                                                                                                                                                                                                                                                                • Instruction ID: ed9dee4062b52992b6f9ff8bb1e12896171d5853045f37debe945a195447b08f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 120dfdf87a9610f26dc3484bf5a18f49d2a7dd17a59b1a6cc8ac43fa93a2b317
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 47D09E31018284EFCF013F66DD0D85E7F2EFF85351B44C014B91989131CF719A55AA41
                                                                                                                                                                                                                                                                                                Function 008F40D7 Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetEnvironmentStringsW.KERNEL32(?,008EC8F7,?,008EC8CF), ref: 008F40DA
                                                                                                                                                                                                                                                                                                • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,008EC8F7,?,008EC8CF), ref: 008F4119
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: EnvironmentStrings$Free
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3328510275-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b43a9548e6ec1c5aa12b5947ba38e63ed5113bc1e1569e09fdfecb5ec78953d2
                                                                                                                                                                                                                                                                                                • Instruction ID: 4a9a97c090ffa4120c8f4b3ed8334e22b2de901821296c8ac99bdb718c358f31
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b43a9548e6ec1c5aa12b5947ba38e63ed5113bc1e1569e09fdfecb5ec78953d2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F5E09B37609E252BD111363D7C89EAF1B0DEFC2775B154227F611D62839E114D4201A6
                                                                                                                                                                                                                                                                                                Function 0089E83A Relevance: 3.0, APIs: 2, Instructions: 27synchronizationCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 928 89e83a-89e841 929 89e844-89e84e 928->929 930 89e858-89e85b 929->930 931 89e850-89e852 ReleaseMutex 929->931 932 89e868-89e86f 930->932 933 89e85d-89e865 FindCloseChangeNotification 930->933 931->930 932->929 934 89e871-89e874 932->934 933->932
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ReleaseMutex.KERNEL32(?,?,?,00000000,0089E7C7,01348D3A), ref: 0089E852
                                                                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?,?,?,00000000,0089E7C7,01348D3A), ref: 0089E85F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ChangeCloseFindMutexNotificationRelease
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4264517613-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a19e99d40b934f5ef3080ac6e3bcbca61ba29c5a3de49066b0f56526da410b70
                                                                                                                                                                                                                                                                                                • Instruction ID: dac6ed42e806d415f0e61f261034a0bbcaccc28623c3db9a2f27fc22661af783
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a19e99d40b934f5ef3080ac6e3bcbca61ba29c5a3de49066b0f56526da410b70
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E8E09A322101009FEF209F6AD8483967BA6FB84362B1A0039E98AE6060DB314CA2DA40
                                                                                                                                                                                                                                                                                                Function 008EF49B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 935 8ef49b-8ef4a7 936 8ef4d9-8ef4e4 call 8d882d 935->936 937 8ef4a9-8ef4ab 935->937 945 8ef4e6-8ef4e8 936->945 939 8ef4ad-8ef4ae 937->939 940 8ef4c4-8ef4d5 RtlAllocateHeap 937->940 939->940 941 8ef4d7 940->941 942 8ef4b0-8ef4b7 call 8ecec6 940->942 941->945 942->936 947 8ef4b9-8ef4c2 call 8edf63 942->947 947->936 947->940
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,?,?,?,008D3CBD,?,?,008C4AAA,00000008,01348D3A), ref: 008EF4CD
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 719127f81955dbb47589044817c9f24dc27aff4887c4d160f4b3b4d8d8003cab
                                                                                                                                                                                                                                                                                                • Instruction ID: d8006e6bf7523d9153fadbbd97ced85875f05b36e2506718763f575ccdf3638d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 719127f81955dbb47589044817c9f24dc27aff4887c4d160f4b3b4d8d8003cab
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04E0E531505296A7E631267B9D00B5B7A4CFB433B8F044131AE29D64D3DE10CC0083E9

                                                                                                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                                                                                                Function 0089BA23 Relevance: 128.8, APIs: 22, Strings: 51, Instructions: 1081timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCommandLineW.KERNEL32(LoadConfig,00000000), ref: 0089BAB2
                                                                                                                                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 0089BACC
                                                                                                                                                                                                                                                                                                • GetDateFormatW.KERNEL32(00000000,00000000,?,yyyy'-'MM'-'dd,00000000,00000040,00000040), ref: 0089BAF1
                                                                                                                                                                                                                                                                                                • GetTimeFormatW.KERNEL32(00000000,00000000,?,HH':'mm':'ss,00000000,00000040,00000040), ref: 0089BB13
                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(00927558,?,000002B4,0088B7BE), ref: 0089BB59
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,000002B4,0088B7BE), ref: 0089BB63
                                                                                                                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(00927674,?,000002B4,0088B7BE), ref: 0089BB85
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FormatSystemTime$CommandDateErrorInfoLastLineNativeVersion
                                                                                                                                                                                                                                                                                                • String ID: %hu$B$C:\$Cannot query processor power info info, ntst=%X$Cannot query version info, gle=%u$Config$ConnectionCheck$ConnectionTimeout$ConnectivityStep$ConnectivityTimeout$CopyBufferSize$CryptCATAdminAcquireContext2$Current build version: %s$Current update version: %d$Current version: %d$DisableBits$Geo: %s$Guid: %s$HH':'mm':'ss$Icarus$IniDescriptor$Installer: %s$Instup$JobIntervalHours$LastAppliedPatchId$LoadConfig$Midex: %s$Product$ProxyAddress$ProxyCredentialsEnabled$ProxyEnabled$ProxyPassword$ProxyPort$ProxyUsername$Registry$Setup\$Sha256 driver signatures are NOT SUPPORTED$TemporaryDir$UTC: %s %s$Unable to load product config, gle=%u$UseOwnDnsQuery$Windows %u.%u.%u %s, build: %s$XmlDescriptor$`H\$arm64$drivers\$http://emupdate.avcdn.net/files/emupdate/pong.txt$wintrust.dll$x64$x86$yyyy'-'MM'-'dd
                                                                                                                                                                                                                                                                                                • API String ID: 2366964986-3594450309
                                                                                                                                                                                                                                                                                                • Opcode ID: 425dbcd68cae9519d62998ceac5185b86d20baa1b4ef5d78e009efadeb8bf73a
                                                                                                                                                                                                                                                                                                • Instruction ID: 629598cdb790054314322e8ec5a89f090b5408c831564ecb729b141ac015ccd6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 425dbcd68cae9519d62998ceac5185b86d20baa1b4ef5d78e009efadeb8bf73a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82920F30A09259AADF28FBA8DD49BADB7B4FF50308F1440E9E005E61E1DB315E85DF16
                                                                                                                                                                                                                                                                                                Function 008B3FAB Relevance: 114.6, APIs: 45, Strings: 20, Instructions: 870networksleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B41F6
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4207
                                                                                                                                                                                                                                                                                                • WinHttpCloseHandle.WINHTTP(00000000), ref: 008B4214
                                                                                                                                                                                                                                                                                                • WinHttpCloseHandle.WINHTTP(?), ref: 008B4221
                                                                                                                                                                                                                                                                                                • WinHttpCloseHandle.WINHTTP(?), ref: 008B422E
                                                                                                                                                                                                                                                                                                • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000), ref: 008B433D
                                                                                                                                                                                                                                                                                                • WinHttpOpen.WINHTTP(00000003,?,00000000,00000000), ref: 008B43B0
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,00000003,?,00000004), ref: 008B43E5
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,00000007,?,00000004), ref: 008B43FB
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,00000006,?,00000004), ref: 008B4411
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,00000005,?,00000004), ref: 008B4427
                                                                                                                                                                                                                                                                                                • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 008B4446
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 008B44AC
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B44B4
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B44CD
                                                                                                                                                                                                                                                                                                • WinHttpCrackUrl.WINHTTP(?,00000000,00000000,?), ref: 008B44F5
                                                                                                                                                                                                                                                                                                • DnsQuery_W.DNSAPI(?,00000001,00000000,00000000,?,00000000), ref: 008B4535
                                                                                                                                                                                                                                                                                                • DnsFree.DNSAPI(?,00000001), ref: 008B4571
                                                                                                                                                                                                                                                                                                • DnsQuery_W.DNSAPI(?,00000001,00000048,00000000,?,00000000), ref: 008B45CF
                                                                                                                                                                                                                                                                                                • DnsFree.DNSAPI(?,00000001), ref: 008B4631
                                                                                                                                                                                                                                                                                                • inet_ntoa.WS2_32(?), ref: 008B4640
                                                                                                                                                                                                                                                                                                • WinHttpConnect.WINHTTP(?,?,00000000,00000000), ref: 008B46C3
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B46D3
                                                                                                                                                                                                                                                                                                • WinHttpOpenRequest.WINHTTP(?,?,?,00000000,00000000,00000000,?,GET,?,?), ref: 008B479B
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B47AD
                                                                                                                                                                                                                                                                                                • WinHttpGetProxyForUrl.WINHTTP(?,?,?,?), ref: 008B4822
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,00000026,?,0000000C), ref: 008B4838
                                                                                                                                                                                                                                                                                                • WinHttpSetCredentials.WINHTTP(00000000,00000000,00000001,00000000,?,00000000), ref: 008B4865
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(?,00001002,00926288,00000000), ref: 008B4892
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(?,00001003,00926288,00000000), ref: 008B48B0
                                                                                                                                                                                                                                                                                                • WinHttpSetOption.WINHTTP(00000000,0000001F,?,00000004), ref: 008B48DE
                                                                                                                                                                                                                                                                                                • WinHttpAddRequestHeaders.WINHTTP(00000000,?,000000FF,10000000), ref: 008B4908
                                                                                                                                                                                                                                                                                                • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 008B4939
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B4943
                                                                                                                                                                                                                                                                                                • WinHttpAddRequestHeaders.WINHTTP(00000000,?,000000FF,10000000), ref: 008B4975
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Wrong HTTP status code returned, status: %u, xrefs: 008B4B2C
                                                                                                                                                                                                                                                                                                • WinHttpConnect failed %s:%hu, error: %u, xrefs: 008B46EF
                                                                                                                                                                                                                                                                                                • HEAD, xrefs: 008B476A
                                                                                                                                                                                                                                                                                                • Download WinHttpSendRequest continue:%u failed, error: %u, xrefs: 008B49A4
                                                                                                                                                                                                                                                                                                • Download CopyFileOrBufferToResource failed, error: %u, xrefs: 008B4BD0
                                                                                                                                                                                                                                                                                                • Upload CopyFileOrBufferToResource failed, error: %u, xrefs: 008B4A0E
                                                                                                                                                                                                                                                                                                • Upload WinHttpSendRequest failed, error: %u, xrefs: 008B494C
                                                                                                                                                                                                                                                                                                • HTTP status WinHttpQueryHeaders failed, error: %u, xrefs: 008B4AF7
                                                                                                                                                                                                                                                                                                • PerformRemoteHttpOp, xrefs: 008B401D
                                                                                                                                                                                                                                                                                                • POST, xrefs: 008B4757, 008B4772
                                                                                                                                                                                                                                                                                                • Range: bytes=%u-, xrefs: 008B4489
                                                                                                                                                                                                                                                                                                • %s:%hu, xrefs: 008B438A
                                                                                                                                                                                                                                                                                                • <, xrefs: 008B40CE
                                                                                                                                                                                                                                                                                                • WinHttpOpenRequest verb:%s path:%s flags:0x%08X failed, error: %u, xrefs: 008B47C7
                                                                                                                                                                                                                                                                                                • %hs, xrefs: 008B4647
                                                                                                                                                                                                                                                                                                • Host: , xrefs: 008B45F2
                                                                                                                                                                                                                                                                                                • GET, xrefs: 008B4765
                                                                                                                                                                                                                                                                                                • PerformRemoteHttpOp: Url: %s, xrefs: 008B42DA
                                                                                                                                                                                                                                                                                                • , xrefs: 008B4101
                                                                                                                                                                                                                                                                                                • 2, xrefs: 008B42A3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Http$Option$ErrorFreeLastRequest$CloseHandleOpen$FileGlobalHeadersQuery_$AttributesConnectCrackCredentialsDeleteProxySendSleepinet_ntoa
                                                                                                                                                                                                                                                                                                • String ID: $%hs$%s:%hu$2$<$Download CopyFileOrBufferToResource failed, error: %u$Download WinHttpSendRequest continue:%u failed, error: %u$GET$HEAD$HTTP status WinHttpQueryHeaders failed, error: %u$Host: $POST$PerformRemoteHttpOp$PerformRemoteHttpOp: Url: %s$Range: bytes=%u-$Upload CopyFileOrBufferToResource failed, error: %u$Upload WinHttpSendRequest failed, error: %u$WinHttpConnect failed %s:%hu, error: %u$WinHttpOpenRequest verb:%s path:%s flags:0x%08X failed, error: %u$Wrong HTTP status code returned, status: %u
                                                                                                                                                                                                                                                                                                • API String ID: 1242012881-668039257
                                                                                                                                                                                                                                                                                                • Opcode ID: a9b2b0682ea1332064a74623a4db5f8429b792de3bce9e6f1508b703a8e18ccb
                                                                                                                                                                                                                                                                                                • Instruction ID: e5e2376641009658a8cd9279cc95450eab0d70c958b756e5e42c52e030c53f61
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9b2b0682ea1332064a74623a4db5f8429b792de3bce9e6f1508b703a8e18ccb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85628371915229AEDF36DB64CC46BEAB7BCFB44300F0450EAE419E2251DBB09F849F51
                                                                                                                                                                                                                                                                                                Function 008ACEFB Relevance: 83.6, APIs: 18, Strings: 29, Instructions: 1378registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,ApplyXmlRegistryUpdate,?,00000124,008AAFBA,?), ref: 008ADFF5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close
                                                                                                                                                                                                                                                                                                • String ID: %u $%s attribute is empty$%s attribute is mandatory for regkey node$*$ApplyXmlRegistryUpdate$Attribure mustexist is specified, but the destination registry key is missing, skipping$Invalid flag %s$Invalid flag %s in node %s$Processing regkey node: %s$REG_BINARY hex string %s of value %s is invalid$REG_DWORD number %s of value %s is invalid$Unknown registry value type specified, %s$W$aimm$delete$expand$flags$imm$mustexist$name$path$reg_binary$reg_dword$reg_expand_sz$reg_multi_sz$reg_multi_sz_add$reg_multi_sz_rem$reg_sz$regkey
                                                                                                                                                                                                                                                                                                • API String ID: 3535843008-2252632925
                                                                                                                                                                                                                                                                                                • Opcode ID: 1e9227080a461eb31508071d2e64c9b089c316d27496e5fbcb5419583f9c8e2a
                                                                                                                                                                                                                                                                                                • Instruction ID: 4ef2a56486ae2d2f1fba9dba098c1976d479fd62259640520d23e91727389719
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e9227080a461eb31508071d2e64c9b089c316d27496e5fbcb5419583f9c8e2a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73B2B231D04259DFEF18EBA8C985AEEBBB0FF15304F144059E406EBA81EB719E45CB52
                                                                                                                                                                                                                                                                                                Function 008C23C0 Relevance: 35.8, APIs: 11, Strings: 9, Instructions: 846filelibraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(01348D3A), ref: 008C242A
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetSystemFirmwareTable), ref: 008C2463
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 008C246A
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000), ref: 008C2D56
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressFileHandleModuleProcUnmapVersionView
                                                                                                                                                                                                                                                                                                • String ID: %d/%d/%d$,$@$GetSystemFirmwareTable$NtOpenSection$_DMI$_SM_$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                                                                                                • API String ID: 2496969598-3966824023
                                                                                                                                                                                                                                                                                                • Opcode ID: 5ef3d458f6ae625238ec21bcd6e6cfbe209fd56ed91c35643fecd0acf3e0717e
                                                                                                                                                                                                                                                                                                • Instruction ID: 30b4a987df9f952ba2b35db64f9feffd53631b3156c3bee43ccc841192370d14
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ef3d458f6ae625238ec21bcd6e6cfbe209fd56ed91c35643fecd0acf3e0717e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C629A70E046598BDB25CFA8C840BADBBB5FF14318F28415DE446EB382D735E986CB91
                                                                                                                                                                                                                                                                                                Function 008A1C09 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 163serviceCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,00000001), ref: 008A1C54
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A1C61
                                                                                                                                                                                                                                                                                                • OpenServiceW.ADVAPI32(00000000,?,00000134), ref: 008A1C75
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A1C81
                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(?), ref: 008A1DA2
                                                                                                                                                                                                                                                                                                • CloseServiceHandle.ADVAPI32(00000000), ref: 008A1DA9
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Service$CloseErrorHandleLastOpen$Manager
                                                                                                                                                                                                                                                                                                • String ID: 0$SeDebugPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 2257214823-155957164
                                                                                                                                                                                                                                                                                                • Opcode ID: f943e64ce3bf5ee647fd4b85c0651c650dcde44ea9c73fe43d636c1f929e21aa
                                                                                                                                                                                                                                                                                                • Instruction ID: cc97fed1e94f0502d32fe5230396605236f313325af4a2a332f511375bb57959
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f943e64ce3bf5ee647fd4b85c0651c650dcde44ea9c73fe43d636c1f929e21aa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D151B331A54219AFEF209BA59C8CBBE7BBCFF0A704F044029F912E6550DB74D941DB61
                                                                                                                                                                                                                                                                                                Function 008A1989 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 148processsynchronizationCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008A1A2A
                                                                                                                                                                                                                                                                                                • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 008A1A38
                                                                                                                                                                                                                                                                                                • CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1A6B
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1A75
                                                                                                                                                                                                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1AA8
                                                                                                                                                                                                                                                                                                • GetExitCodeProcess.KERNEL32(?,?), ref: 008A1AB5
                                                                                                                                                                                                                                                                                                • DestroyEnvironmentBlock.USERENV(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1AE5
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1AFA
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1B05
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateProcess$BlockCloseEnvironmentHandle$CodeDestroyErrorExitLastObjectSingleUserWait
                                                                                                                                                                                                                                                                                                • String ID: %s %s exitcode=%u$D$Executing %s with args %s$Unable to execute %s %s gle=%u$dummy %s
                                                                                                                                                                                                                                                                                                • API String ID: 814887065-3017324308
                                                                                                                                                                                                                                                                                                • Opcode ID: 6e2b89bff3d303bb9a4e2165a6cc1cf5bda6698aeb38a9d09b707c1d438c2db9
                                                                                                                                                                                                                                                                                                • Instruction ID: 9dfd8fdd773c717ecb79dd230c5569dbf7aadbf65f4a7b77e47b396e364e50c5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6e2b89bff3d303bb9a4e2165a6cc1cf5bda6698aeb38a9d09b707c1d438c2db9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 08516A31901129AFDF15EFA8CC48AEEBB79FF49314F148129F511E71A0D731AA14CB61
                                                                                                                                                                                                                                                                                                Function 0089DF0A Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 276filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,000000FC,0088D785,BZ2 error: %i,000003EC), ref: 0089DFF1
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,00010084,00000007,00000000,00000004,00000000,00000000,?), ref: 0089E0A1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089E0C5
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089E0E2
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089E0EA
                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(00000000,0000FEFF,00000002,?,00000000), ref: 0089E11A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorFileLast$CreateCurrentProcessSleepWrite
                                                                                                                                                                                                                                                                                                • String ID: %u %%%us%%s%%s$\??\
                                                                                                                                                                                                                                                                                                • API String ID: 1925643611-1010951211
                                                                                                                                                                                                                                                                                                • Opcode ID: 7a1103e5f54d3e97804df25acf09eae63518017a549fdee67331887868003f31
                                                                                                                                                                                                                                                                                                • Instruction ID: a9c2adf5cfd155d0ce006c879b6e544e6cba9e476874085cd33f7bcbfbaaa12e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a1103e5f54d3e97804df25acf09eae63518017a549fdee67331887868003f31
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7DB16131904298DEEF24EB98CD49BADBBB8FB05304F1480D9E105E7291DB715E84DF22
                                                                                                                                                                                                                                                                                                Function 008A1750 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 101libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 008A17A6
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A17BB
                                                                                                                                                                                                                                                                                                • LoadLibraryW.KERNEL32(00000000,\wintrust.dll), ref: 008A17D8
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CryptCATAdminAddCatalog), ref: 008A17F3
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CryptCATAdminAcquireContext), ref: 008A1805
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CryptCATAdminReleaseContext), ref: 008A1817
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(CryptCATAdminReleaseCatalogContext), ref: 008A1829
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • CryptCATAdminAddCatalog, xrefs: 008A17ED
                                                                                                                                                                                                                                                                                                • CryptCATAdminAcquireContext, xrefs: 008A17F5
                                                                                                                                                                                                                                                                                                • CryptCATAdminReleaseCatalogContext, xrefs: 008A1819
                                                                                                                                                                                                                                                                                                • CryptCATAdminReleaseContext, xrefs: 008A1807
                                                                                                                                                                                                                                                                                                • \wintrust.dll, xrefs: 008A17C8
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressProc$DirectoryErrorLastLibraryLoadSystem
                                                                                                                                                                                                                                                                                                • String ID: CryptCATAdminAcquireContext$CryptCATAdminAddCatalog$CryptCATAdminReleaseCatalogContext$CryptCATAdminReleaseContext$\wintrust.dll
                                                                                                                                                                                                                                                                                                • API String ID: 2033465831-3990206036
                                                                                                                                                                                                                                                                                                • Opcode ID: 8797967ca4e06a07c3eddf707b3f538e5bc374c5f1655ee682a65b69babc826b
                                                                                                                                                                                                                                                                                                • Instruction ID: 7c9c8e80da42b090e4bbe3dacbb2d623718573d6106ef71e9e3abdfef8c11ed8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8797967ca4e06a07c3eddf707b3f538e5bc374c5f1655ee682a65b69babc826b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CA41AD30A18308DBEF25AFA4DC49BAD7BB5FB44350F04002AE411F69E0DB358902EB20
                                                                                                                                                                                                                                                                                                Function 0089ECE0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 182filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000000,00000010,0088BAAE), ref: 0089EDAE
                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000080), ref: 0089EECC
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0089EEDB
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089EEE3
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089EEFC
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?,?,?,?,00000000,00000010,0088BAAE), ref: 0089EF52
                                                                                                                                                                                                                                                                                                • SetFileAttributesW.KERNEL32(?,00000010,?,?,?,00000000,00000010,0088BAAE), ref: 0089EF68
                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,?,?,00000000,00000010,0088BAAE), ref: 0089EF74
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,00000000,00000010,0088BAAE), ref: 0089EF7E
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000,?,?,?,00000000,00000010,0088BAAE), ref: 0089EF87
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$Find$AttributesErrorLast$CloseDeleteDirectoryFirstNextRemoveSleep
                                                                                                                                                                                                                                                                                                • String ID: \\?\%s
                                                                                                                                                                                                                                                                                                • API String ID: 779774861-3682370727
                                                                                                                                                                                                                                                                                                • Opcode ID: 8fd775940a150d22acdaf232ef7cae37f4f2b6d578fc424394696b640c97a15b
                                                                                                                                                                                                                                                                                                • Instruction ID: b130d538e918ee9c1efbf6d3b155908aaa68ec3882dbd1eff00f4ee28cdadc4c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8fd775940a150d22acdaf232ef7cae37f4f2b6d578fc424394696b640c97a15b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E4714930909269DAEF28FB28DD89BEDBB74FB14304F1441D9E14AA61D1DB711F88DB12
                                                                                                                                                                                                                                                                                                Function 008BF5F0 Relevance: 18.5, Strings: 14, Instructions: 1018COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: Sh$Auth$Cent$Genu$Hygo$Micr$ai $auls$aurH$cAMD$ntel$osof$t Hv$uine
                                                                                                                                                                                                                                                                                                • API String ID: 0-894380629
                                                                                                                                                                                                                                                                                                • Opcode ID: bd7dd0f81a18ad7d5a1717a8d5a468f51b03829c52d99f9fb482297171f6208c
                                                                                                                                                                                                                                                                                                • Instruction ID: c8ad4fc4805fc228f4dd5447a9a4313af59b1a9423c559c3dfca75b2c574a15c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bd7dd0f81a18ad7d5a1717a8d5a468f51b03829c52d99f9fb482297171f6208c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70823BB1D146198AEB358FA9C8543EDFBB5FF98314F28822ED564E7392D77488818F40
                                                                                                                                                                                                                                                                                                Function 008C13F0 Relevance: 16.8, APIs: 11, Instructions: 282fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • GetSystemDirectoryW.KERNEL32(00000000,00000104), ref: 008C14D4
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,?,?,0090184D), ref: 008C14DE
                                                                                                                                                                                                                                                                                                • GetVolumePathNameW.KERNEL32(00000000,00000010,00000104,00000000,?,?,0090184D), ref: 008C1555
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0090184D), ref: 008C155F
                                                                                                                                                                                                                                                                                                • GetVolumeNameForVolumeMountPointW.KERNEL32(00000010,00000010,00000104,?,?,?,?,?,0090184D), ref: 008C15C3
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,0090184D), ref: 008C15CD
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,0090184D), ref: 008C167D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,0090184D), ref: 008C168B
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000), ref: 008C16AB
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,0090184D), ref: 008C16B5
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,0090184D), ref: 008C16CD
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$Volume$Name$CloseControlCreateDeviceDirectoryFileHandleHeapMountPathPointProcessSystem
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 204137380-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5cf417c8b182c4da19d951ab6905a5ed7ab57093b35a92ac7f70effb8557d554
                                                                                                                                                                                                                                                                                                • Instruction ID: 998cb31cfa1a8a1eff20648637d6b1bf5ee6b1c5b3b814602ee69d64d0c1e333
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cf417c8b182c4da19d951ab6905a5ed7ab57093b35a92ac7f70effb8557d554
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7B16B70A002069FDB14DFA9C989FAEBBB5FF59310F14862DE901EB391EB7499408B51
                                                                                                                                                                                                                                                                                                Function 00892488 Relevance: 15.9, Strings: 11, Instructions: 2148COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: %d in block, %d after MTF & 1-2 coding, %d+2 syms in use$ bytes: mapping %d, $ initial group %d, [%d .. %d], has %d syms (%4.1f%%)$ pass %d: size is %d, grp uses are $ block %d: crc = 0x%08x, combined CRC = 0x%08x, size = %d$ final combined CRC = 0x%08x $%d $BZ2 error: %i$code lengths %d, $codes %d$selectors %d,
                                                                                                                                                                                                                                                                                                • API String ID: 0-2907567208
                                                                                                                                                                                                                                                                                                • Opcode ID: a1b59eeea36f7b5eb05acbf69a0752f7460b33ef6b0cc62c3afbece222f42ca1
                                                                                                                                                                                                                                                                                                • Instruction ID: e491fb80ef123ed760000a2327eb3ee5d4beeeefae6eaef434c4d7a18b344124
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1b59eeea36f7b5eb05acbf69a0752f7460b33ef6b0cc62c3afbece222f42ca1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 58237935A002299FDB25DF5CC881ABCB7B1FF45308F1841A9E849EB356DB35A9A1CF50
                                                                                                                                                                                                                                                                                                Function 008A18BA Relevance: 15.1, APIs: 10, Instructions: 79threadCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentThread.KERNEL32 ref: 008A18D8
                                                                                                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A18F3
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A18FF
                                                                                                                                                                                                                                                                                                • ImpersonateSelf.ADVAPI32(00000002), ref: 008A190A
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A1914
                                                                                                                                                                                                                                                                                                • OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A1921
                                                                                                                                                                                                                                                                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008A1931
                                                                                                                                                                                                                                                                                                • AdjustTokenPrivileges.ADVAPI32(00000000,00000000,0089F6FC,00000000,00000000,00000000), ref: 008A1960
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A1966
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 008A1972
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLastThreadToken$Open$AdjustCloseCurrentHandleImpersonateLookupPrivilegePrivilegesSelfValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3595924314-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 8387ebeebce1db86181a6fd547b260110ed749dba0ebce49ad5a0c86a11b8f8f
                                                                                                                                                                                                                                                                                                • Instruction ID: 12288fa4b71bb36c2d4450606f2193fe1fa853a23d31591c073396091e17811c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8387ebeebce1db86181a6fd547b260110ed749dba0ebce49ad5a0c86a11b8f8f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 51212471A10219AFEF109BA5DC89BBEBBBCFB08744F144029E501F2240D6709E459BA0
                                                                                                                                                                                                                                                                                                Function 008C19E0 Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 260fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 008C1ADB
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008C1AE9
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorFileHeapLastProcess
                                                                                                                                                                                                                                                                                                • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                                                                                                                • API String ID: 2202902945-3292898883
                                                                                                                                                                                                                                                                                                • Opcode ID: a1c0034b99e5b224bf78a6654ed982669f1006676474761aa976f848733c3833
                                                                                                                                                                                                                                                                                                • Instruction ID: a8aa9769fbc9a18bc9baa8dbb5067997ce990755b8e36aa1b02b4ec3e77d88d2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a1c0034b99e5b224bf78a6654ed982669f1006676474761aa976f848733c3833
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54A1DE71D043489FEF10DFA8C889BAEBBB4FF05714F10821DE515AB282E770AA05CB91
                                                                                                                                                                                                                                                                                                Function 008C1D00 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 232fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 008C1DE6
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008C1DF4
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNEL32(00000000,00074080,00000000,00000000,?,00000018,00000000,00000000), ref: 008C1E18
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008C1E22
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,00000000), ref: 008C1F2E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseControlCreateDeviceFileHandleHeapProcess
                                                                                                                                                                                                                                                                                                • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                                                                                                                • API String ID: 3681805340-3292898883
                                                                                                                                                                                                                                                                                                • Opcode ID: 3d2d29f6cd0f28b635d120e2374004f849ce12378ea08c896b01e8d19711fe42
                                                                                                                                                                                                                                                                                                • Instruction ID: dd1c85ea28774144c8ea56157a63a4158020ef8547bcf29408c9bb0ab7c1edf6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d2d29f6cd0f28b635d120e2374004f849ce12378ea08c896b01e8d19711fe42
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF81B271D043099FEB10DBA8CC49BAEBBB4FF55714F14821DE915EB291DB70A940CB91
                                                                                                                                                                                                                                                                                                Function 008C1760 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 210fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • GetVersion.KERNEL32(?,00000000), ref: 008C17CC
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,00000000,00000003,00000000,00000003,00000000,00000000,?,00000000), ref: 008C17F3
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 008C1803
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 008C197E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateErrorFileHandleHeapLastProcessVersion
                                                                                                                                                                                                                                                                                                • String ID: \\.\PhysicalDrive%u
                                                                                                                                                                                                                                                                                                • API String ID: 516677361-3292898883
                                                                                                                                                                                                                                                                                                • Opcode ID: a56277599d581daa8dfeb21b7c0660548683bea209a6158caa8ec6a40ce2f93a
                                                                                                                                                                                                                                                                                                • Instruction ID: a01737868d32703576b19413cc3292213873e37cdb821ff822817a8a2c273781
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a56277599d581daa8dfeb21b7c0660548683bea209a6158caa8ec6a40ce2f93a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A71A2719042099FDF14DBA8C899FAEBBB4FF46314F14822DE911E7282DB70DD058BA1
                                                                                                                                                                                                                                                                                                Function 008BE8F0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 202libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemInfo.KERNEL32(?), ref: 008BE90A
                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(0000011C), ref: 008BE96D
                                                                                                                                                                                                                                                                                                • GetVersionExW.KERNEL32(0000011C), ref: 008BE988
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(NTDLL.DLL,RtlGetVersion,?), ref: 008BE9A3
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 008BE9AA
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Version$AddressHandleInfoModuleProcSystem
                                                                                                                                                                                                                                                                                                • String ID: NTDLL.DLL$RtlGetVersion
                                                                                                                                                                                                                                                                                                • API String ID: 335284197-196638859
                                                                                                                                                                                                                                                                                                • Opcode ID: af1727441d0e38732eac33ccb9f1a8928c66f2a5fb09472e99d02da41dce1b49
                                                                                                                                                                                                                                                                                                • Instruction ID: 50160eb816c2bf2585e92a00c721578fe2676744bdeb816ddd944636422bed76
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af1727441d0e38732eac33ccb9f1a8928c66f2a5fb09472e99d02da41dce1b49
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C71DC71A7511C8FEF788A14D8BA7EA7A65FB05304F20047AE607E7790C6388EC17B56
                                                                                                                                                                                                                                                                                                Function 008B00EB Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 281fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindFirstFileW.KERNEL32(?,?,?,00000000,00914000), ref: 008B01B4
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,00000000,00914000), ref: 008B0230
                                                                                                                                                                                                                                                                                                • FindNextFileW.KERNEL32(00000000,?,?,?,?,?,00000000,00914000), ref: 008B04EC
                                                                                                                                                                                                                                                                                                • FindClose.KERNEL32(00000000), ref: 008B050A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileFind$AttributesCloseFirstNext
                                                                                                                                                                                                                                                                                                • String ID: CopyFilesToDestDir$W
                                                                                                                                                                                                                                                                                                • API String ID: 134685335-3632011963
                                                                                                                                                                                                                                                                                                • Opcode ID: 9d0835477bc2c9b8f117ad32d15b96a75142b434eca55d5b42d4fb1b492feb06
                                                                                                                                                                                                                                                                                                • Instruction ID: 91640b509ce9b75b8fd79e2a5879eb217bd9e643e472d5dede152d29ce6a7f66
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9d0835477bc2c9b8f117ad32d15b96a75142b434eca55d5b42d4fb1b492feb06
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 14C138308092599ADF24FB68CD99AEEB774FF10304F1441D9E04AA7291EB715F89CF52
                                                                                                                                                                                                                                                                                                Function 008BF70D Relevance: 10.6, Strings: 8, Instructions: 647COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: Sh$Auth$Hygo$Micr$aurH$cAMD$osof$t Hv
                                                                                                                                                                                                                                                                                                • API String ID: 0-3211941817
                                                                                                                                                                                                                                                                                                • Opcode ID: 129c1fdf91528c2cefcec75f01b0549910d94aee4dd729aea3eba8188a094b85
                                                                                                                                                                                                                                                                                                • Instruction ID: c8250dc02a350c6d3561d3922c987b7c5a9fc703c3a3b6f2c3ec1d471bc5e24a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 129c1fdf91528c2cefcec75f01b0549910d94aee4dd729aea3eba8188a094b85
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D42F7B2D146198AEB258FAECC453DCFAB5FB98314F28812ED564E73A2C7748841DF40
                                                                                                                                                                                                                                                                                                Function 00897F2F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 134timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemTime.KERNEL32(?), ref: 0089804D
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 008980A0
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008980A6
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 008980BB
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$System$File$ErrorLast
                                                                                                                                                                                                                                                                                                • String ID: EvaluateTimeCondition
                                                                                                                                                                                                                                                                                                • API String ID: 1447521505-3195929557
                                                                                                                                                                                                                                                                                                • Opcode ID: 314c1cecd3605a0691a4463ea9ff5e451508fe96f86825a4a027284faebbaa51
                                                                                                                                                                                                                                                                                                • Instruction ID: d36d2169e4721416de62cd5f03b4d452d3382c4d4259bb35622971b63c1746e2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 314c1cecd3605a0691a4463ea9ff5e451508fe96f86825a4a027284faebbaa51
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BA511971D0062DDACF20EFE8D944ADEBBB4FF09300F18416AE549EB211DB714A898F95
                                                                                                                                                                                                                                                                                                Function 00894330 Relevance: 7.4, Strings: 4, Instructions: 2361COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: [%d: huff+mtf $1$BZ2 error: %i$rt+rld
                                                                                                                                                                                                                                                                                                • API String ID: 0-2267245451
                                                                                                                                                                                                                                                                                                • Opcode ID: bcae923ed0a6c4443dd87006f5722b53b83b3f4bd04248361d788c9a2777f504
                                                                                                                                                                                                                                                                                                • Instruction ID: 3d11d6fa741621d05ee42117e52af1b62d26e8c40030ad39d020a110282bde88
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bcae923ed0a6c4443dd87006f5722b53b83b3f4bd04248361d788c9a2777f504
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 98330375A00615CFCF19DF18C494AA8BBF0FF49314B2981AADC5AEB35AD730A946CF50
                                                                                                                                                                                                                                                                                                Function 0088DAA5 Relevance: 6.6, Strings: 5, Instructions: 337COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: bucket sorting ...$ depth %6d has $ reconstructing block ...$%6d unresolved strings$BZ2 error: %i
                                                                                                                                                                                                                                                                                                • API String ID: 0-995844132
                                                                                                                                                                                                                                                                                                • Opcode ID: 5cb6d13a30bf2c294421bd01a63a03b8dfa189b3921184e79c8089c0ecf0352e
                                                                                                                                                                                                                                                                                                • Instruction ID: 9d6fa0ad07cb71508db5b25749bc0390bfaf3e71a4bcd551dc95d19d0b50d0e7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cb6d13a30bf2c294421bd01a63a03b8dfa189b3921184e79c8089c0ecf0352e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A9C1A671B002298BDF28AE1CDC817A973E6FF89310F15C5A9D985DB2C5DE709D828BC0
                                                                                                                                                                                                                                                                                                Function 008F4C77 Relevance: 6.4, Strings: 4, Instructions: 1436COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                • API String ID: 0-2761157908
                                                                                                                                                                                                                                                                                                • Opcode ID: b513ffecfc7c88841eb36b215786c35990bed0cc6c33a0003f5054a532ee6a01
                                                                                                                                                                                                                                                                                                • Instruction ID: 18c70c6c81952ac86fe6df72b7eac33c6abd95d2d2ceaf2bd7ab7f9ac3a6e33e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b513ffecfc7c88841eb36b215786c35990bed0cc6c33a0003f5054a532ee6a01
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19D20471E0862D8FDB65CE28DC407AAB7B9FB45305F1441EAD60DE7240EB78AE858F41
                                                                                                                                                                                                                                                                                                Function 008D3F6C Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 008D3F78
                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 008D4044
                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008D4064
                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 008D406E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 254469556-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 35141184449be3f9c2e6672964852acbc809649b73110206af0bdfc9e075fe1b
                                                                                                                                                                                                                                                                                                • Instruction ID: a4e3e6dfdfe0c53af9995e7f48de7a4a0330cac0f8dc84098eed7705053c67ad
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 35141184449be3f9c2e6672964852acbc809649b73110206af0bdfc9e075fe1b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 15313875D05318DBDB10EFA4D989BCDBBB8FF08300F1041AAE508AB250EB719B849F45
                                                                                                                                                                                                                                                                                                Function 0089FBEC Relevance: 6.1, APIs: 4, Instructions: 59memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(0089FBDF,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0089FC2D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,0089FBDF), ref: 0089FC37
                                                                                                                                                                                                                                                                                                • CheckTokenMembership.ADVAPI32(00000000,?,?,?,?,?,?,?,0089FBDF), ref: 0089FC49
                                                                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(00000000), ref: 0089FC64
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateCheckErrorFreeInitializeLastMembershipToken
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3835361876-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b1c6dcbe69d52cd16d404dfad5d9c41c38ed74ca71af16eabe8c68c5e392ee6d
                                                                                                                                                                                                                                                                                                • Instruction ID: faa72852610b99b4b26fb0b557c373b37ba8931c164931ce262ef932b24bece8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1c6dcbe69d52cd16d404dfad5d9c41c38ed74ca71af16eabe8c68c5e392ee6d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2F112A70A0621DAFDB04DFA59C85ABFBBB8FF04348F14847EA911E2251D7708E08DA61
                                                                                                                                                                                                                                                                                                Function 008D3AA6 Relevance: 6.0, APIs: 4, Instructions: 12COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,008D3BC6,00904A64), ref: 008D3AAB
                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(008D3BC6,?,008D3BC6,00904A64), ref: 008D3AB4
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(C0000409,?,008D3BC6,00904A64), ref: 008D3ABF
                                                                                                                                                                                                                                                                                                • TerminateProcess.KERNEL32(00000000,?,008D3BC6,00904A64), ref: 008D3AC6
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3231755760-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 257182c3cc575db5e68e6816ade0bdd99748638452b9c7ab24ce20efd1f51db1
                                                                                                                                                                                                                                                                                                • Instruction ID: 28906f30f7fb1cdb63abf6e5c83251b552d800c23a5709bceb2273181e64a2d9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 257182c3cc575db5e68e6816ade0bdd99748638452b9c7ab24ce20efd1f51db1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2AD0CA32028208EFCA002BEAED0EA897B2CAB08702F008000F31A82420CA324600AB69
                                                                                                                                                                                                                                                                                                Function 008D34FC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A95FA: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,01348D3A,?,?,008FAE56,000000FF), ref: 008A9622
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A95FA: GetLastError.KERNEL32(?,00000000,00000000,01348D3A,?,?,008FAE56,000000FF), ref: 008A962C
                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,00888884), ref: 008D352F
                                                                                                                                                                                                                                                                                                • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00888884), ref: 008D353E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 008D3539
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                                                                                                                                • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                                                                                                                                • API String ID: 3511171328-631824599
                                                                                                                                                                                                                                                                                                • Opcode ID: a8407a6fdbb8866c3ce8846d44f0bbb8a5acfaf314830ad2b7857728c1ac5758
                                                                                                                                                                                                                                                                                                • Instruction ID: b19d92ae3f7306216094bb20dea9c65e4a0cd9ee075ea88a6d86030900665db3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8407a6fdbb8866c3ce8846d44f0bbb8a5acfaf314830ad2b7857728c1ac5758
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2CE06DB02047028FD324AF28E4053027BF4FF04B14F00C92DE4A6C3740D7B0D6488B92
                                                                                                                                                                                                                                                                                                Function 008D8533 Relevance: 4.6, APIs: 3, Instructions: 77COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,01348D3A), ref: 008D862B
                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,01348D3A), ref: 008D8635
                                                                                                                                                                                                                                                                                                • UnhandledExceptionFilter.KERNEL32(-00000328,?,?,?,?,?,01348D3A), ref: 008D8642
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3906539128-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ec2fab7ef8426eb6804bfdf936fa1ffe945dee815bb92958d9a927a2f1d8b28f
                                                                                                                                                                                                                                                                                                • Instruction ID: 75bb52e41d0fcab242bd981f610eb955c85b570d6081e873835b14063531e828
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec2fab7ef8426eb6804bfdf936fa1ffe945dee815bb92958d9a927a2f1d8b28f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7331C574911219EBCB21DF28D889B8DBBB8FF18310F5046EAE41CA7251EB709F858F45
                                                                                                                                                                                                                                                                                                Function 00889BC1 Relevance: 4.6, APIs: 3, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadResource.KERNEL32(00000000,00000000,01348D3A,00000002,00000000,?,00000000,008FAD42,000000FF,?,00889CB2,?,?,?,?,?), ref: 00889BEC
                                                                                                                                                                                                                                                                                                • LockResource.KERNEL32(00000000,?,00889CB2,?,?,?,?,?,?,008FAD5F,000000FF,?,00889648), ref: 00889BF7
                                                                                                                                                                                                                                                                                                • SizeofResource.KERNEL32(00000000,00000000,?,00889CB2,?,?,?,?,?,?,008FAD5F,000000FF,?,00889648), ref: 00889C05
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2853612939-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c1b2d526d5321e7eb34ab9ccfbd28969981ff5f6c47430e64bcd9a9faf836205
                                                                                                                                                                                                                                                                                                • Instruction ID: 75962ac30542f18e56a896819d98efc19083df4ac06dfe4d1e0cbfc010ece899
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c1b2d526d5321e7eb34ab9ccfbd28969981ff5f6c47430e64bcd9a9faf836205
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4E014E3290462A9FC731AF2ACC44A77B7ECFB54711F04492AEC56D3240E635DC009790
                                                                                                                                                                                                                                                                                                Function 0089E545 Relevance: 3.1, APIs: 2, Instructions: 55COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InitializeSecurityDescriptor.ADVAPI32(0092739C,00000001,00000008), ref: 0089E5E4
                                                                                                                                                                                                                                                                                                • SetSecurityDescriptorDacl.ADVAPI32(0092739C,00000001,00000000,00000000), ref: 0089E5EF
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DescriptorSecurity$DaclInitialize
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 625223987-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f28cddc4633cac65b3e3a20397eb72266e65770b109efad875373054cd9e466b
                                                                                                                                                                                                                                                                                                • Instruction ID: 94a96c3eab101927154d3d932404968eb353c9c7dffacf26b0323e9346089b97
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f28cddc4633cac65b3e3a20397eb72266e65770b109efad875373054cd9e466b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24115B7092E310EAE364DFEDBC82699FAE1FB08710B50406DAA59F73A1C6704901FB56
                                                                                                                                                                                                                                                                                                Function 00883080 Relevance: 3.0, Strings: 1, Instructions: 1750COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                                                                                                                                                                                • Opcode ID: 18e5606cde286d920a8a2db648d149935f5072be04043b5db1651fd6eb90e20d
                                                                                                                                                                                                                                                                                                • Instruction ID: 2fa2b5a3b395d2279dba2ac78d883561bcf5740a0d676066a6ab33a6c5e397f1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 18e5606cde286d920a8a2db648d149935f5072be04043b5db1651fd6eb90e20d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2DD25273A083114BD318CF66DC9126BF7D3EFD8210F0BC62EF896A7644DB74A9464686
                                                                                                                                                                                                                                                                                                Function 008901B2 Relevance: 2.9, Strings: 2, Instructions: 442COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: BSDI$FF40
                                                                                                                                                                                                                                                                                                • API String ID: 0-906853832
                                                                                                                                                                                                                                                                                                • Opcode ID: 352d00b56ef0a77db48b1de3dfde4ffa0aca08c9caa22b067ce28983b3b190f1
                                                                                                                                                                                                                                                                                                • Instruction ID: a45e824caabe8419778c4664ee8239745252e048ee76419698322c66b255773f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 352d00b56ef0a77db48b1de3dfde4ffa0aca08c9caa22b067ce28983b3b190f1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0DE17F31E003199FDF25EBE9C885AAEB7B9FF55714F280129E805EB245EB309942CF51
                                                                                                                                                                                                                                                                                                Function 008C84D0 Relevance: 2.7, Strings: 1, Instructions: 1427COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: `
                                                                                                                                                                                                                                                                                                • API String ID: 0-2679148245
                                                                                                                                                                                                                                                                                                • Opcode ID: 82e7d721f80f5bba71f3797d58b864216cc65b5daa2b9e295b79dd2123f7b514
                                                                                                                                                                                                                                                                                                • Instruction ID: eb7335135fb0a8c2fb4fd3ce4d21c28fa6c4103f8b4fcc54e550e33c0608f775
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 82e7d721f80f5bba71f3797d58b864216cc65b5daa2b9e295b79dd2123f7b514
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6AE24A75E006588FDB25CFA8C494AADBBF1FF48308F54856DD89AAB345DB34A941CF10
                                                                                                                                                                                                                                                                                                Function 0088F844 Relevance: 2.0, Strings: 1, Instructions: 780COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: BSDIFF40
                                                                                                                                                                                                                                                                                                • API String ID: 0-2316742233
                                                                                                                                                                                                                                                                                                • Opcode ID: 48b10f913c7b540ddb736ba2a6c4a2676006bee379addb0d099cb7b38abe3de9
                                                                                                                                                                                                                                                                                                • Instruction ID: f2a4380a8bc8e7fdd20fda24d6171b162b38ba2dbe01b0d8805fb01eda224de4
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 48b10f913c7b540ddb736ba2a6c4a2676006bee379addb0d099cb7b38abe3de9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F6620974E002299FCF14EFA8D884A9DBBB5FF49314F24816AE519E7346EB309946CF41
                                                                                                                                                                                                                                                                                                Function 008F2B19 Relevance: 1.9, APIs: 1, Instructions: 408timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,008F2F5E,00000000,00000000,00000000), ref: 008F2E1D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InformationTimeZone
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 565725191-0
                                                                                                                                                                                                                                                                                                • Opcode ID: a8c08e94721bf6842d9542e9f0abf526059c559ca0b7a409acabf78236dcf660
                                                                                                                                                                                                                                                                                                • Instruction ID: 20768e059b42c1479cc1d8ea1f6508581977831eaa838289b31d65f7c290dbc3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8c08e94721bf6842d9542e9f0abf526059c559ca0b7a409acabf78236dcf660
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: ECC1E57290022DABDB20AF78DC42ABE7BB9FF04750F504156FA01EB292E7709E41D791
                                                                                                                                                                                                                                                                                                Function 008EE3E9 Relevance: 1.8, APIs: 1, Instructions: 274COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008EE3E4,?,?,00000008,?,?,008F9B51,00000000), ref: 008EE616
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionRaise
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3997070919-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 29843656b7e8432986e37d6d582827ed8d3e4a364d2d24855d73ab859ae01f41
                                                                                                                                                                                                                                                                                                • Instruction ID: 72678e59a228b81aafa9cfe50281fd0678a293c37005f0b0583c4516671ecb24
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 29843656b7e8432986e37d6d582827ed8d3e4a364d2d24855d73ab859ae01f41
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1B15E31610648DFD715CF29C48AB657BE0FF56368F298658E8DACF2A1C335E991CB40
                                                                                                                                                                                                                                                                                                Function 008DBF17 Relevance: 1.6, Strings: 1, Instructions: 388COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                • Opcode ID: 63ec752d028f0062e42210c5bb1c3157d000eb27d3eba07ac586e1a34f7d06d8
                                                                                                                                                                                                                                                                                                • Instruction ID: 1102c2cb7c60f52752f9dc3fb9354d032cb0574408b697fa63aa6ed29576a75c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 63ec752d028f0062e42210c5bb1c3157d000eb27d3eba07ac586e1a34f7d06d8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 34E18C74600A0ACFCB24CF68C980AAAB7B1FF49714B24875BE456DB391DB31AD46CF51
                                                                                                                                                                                                                                                                                                Function 008DBBB2 Relevance: 1.6, Strings: 1, Instructions: 322COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                • Opcode ID: dcb38b71fe1022273c826a98d09dc34f1d131950ab3e1fedb4867319cb560779
                                                                                                                                                                                                                                                                                                • Instruction ID: fcf40797047480fe69afdc8ad365aa7170e1e6925c29ed6ac04cef4587825100
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dcb38b71fe1022273c826a98d09dc34f1d131950ab3e1fedb4867319cb560779
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30B19C74A1060ADACB24CFA8C981ABEB7B1FF44314F114B1BE556EB390DB30AD46CB51
                                                                                                                                                                                                                                                                                                Function 008DB86A Relevance: 1.6, Strings: 1, Instructions: 314COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: 0
                                                                                                                                                                                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                • Opcode ID: 7d450d5f471369cbfc9fb50d5864a014474810490ae6c9d7e35aa4c773f2fb10
                                                                                                                                                                                                                                                                                                • Instruction ID: 79a7bbe20636f03617957dac462636d66c1adbe6b63a10f255f8c6b405f0693c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d450d5f471369cbfc9fb50d5864a014474810490ae6c9d7e35aa4c773f2fb10
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 70B1D070A0065ADBCB24DE68C4A1ABEBBA5FF44314F25072FD592D7391DB30AD42CB52
                                                                                                                                                                                                                                                                                                Function 008D40FF Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetUnhandledExceptionFilter.KERNEL32(Function_0005410B,008C5075), ref: 008D4104
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExceptionFilterUnhandled
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3192549508-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 52371d6f13f1c603c4ae051540c6d35449d394b12009bfccab38da80a155c737
                                                                                                                                                                                                                                                                                                • Instruction ID: 9c7d145843c8f0afc323dd0c00fe34f7a1a75c4a20672e37cbb24d2061c79dba
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52371d6f13f1c603c4ae051540c6d35449d394b12009bfccab38da80a155c737
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash:
                                                                                                                                                                                                                                                                                                Function 008CC9C0 Relevance: 1.5, Strings: 1, Instructions: 205COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: SVW=
                                                                                                                                                                                                                                                                                                • API String ID: 0-1029679824
                                                                                                                                                                                                                                                                                                • Opcode ID: e176c970bd9b7821ec9ac3d5aa946789a9800bb442f49cf845a9080b2d895105
                                                                                                                                                                                                                                                                                                • Instruction ID: 420f831cba54faf76a9dafce1556dd0504091da7e77ee4d4da99b8f0a41fe9df
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e176c970bd9b7821ec9ac3d5aa946789a9800bb442f49cf845a9080b2d895105
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3B715CB4A1051AAFCB18CF28C895BA9BBA4FF49314F04412EE90AD7B41D731ED64CBD0
                                                                                                                                                                                                                                                                                                Function 008F805F Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: HeapProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 54951025-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cd4683dad9e1aa416e2c5649c844060c826dcd56a1dc11f9aeba9c6540d5399b
                                                                                                                                                                                                                                                                                                • Instruction ID: a9e828854e3fdc921b1a3c0b97aa953e24ae97367bdca50eb7874e04899abdc2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd4683dad9e1aa416e2c5649c844060c826dcd56a1dc11f9aeba9c6540d5399b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82A0223022A202CFC3208F38AF0C30C3BECBA803C0300C02AA028C2030EB388020FB00
                                                                                                                                                                                                                                                                                                Function 008CA350 Relevance: .9, Instructions: 924COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 1c03ecd4174cab3b8b4928aa6451c5a2d5dc1a3e958155ddb51267897ca6c37c
                                                                                                                                                                                                                                                                                                • Instruction ID: 3bdffa8769eeae013d265fa2418a8244c4e50de669b25062ef494dddc67f6114
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c03ecd4174cab3b8b4928aa6451c5a2d5dc1a3e958155ddb51267897ca6c37c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 27825971A006198FCB18CFA9C991BAEB7F2FF88314F14856DD486E7790D738AA41CB51
                                                                                                                                                                                                                                                                                                Function 008BB8D0 Relevance: .6, Instructions: 638COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 601c245aaa91cd38ec6e59a86f19dcb41404cf3d5ad5c12c5da19e02408d523c
                                                                                                                                                                                                                                                                                                • Instruction ID: d84cd7869c8bfe9c6b54ecdd98dbf943a6a7ec04508a613626fbdebc1e26f447
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 601c245aaa91cd38ec6e59a86f19dcb41404cf3d5ad5c12c5da19e02408d523c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE325F71A016298FDB24DE18CC80BE9B7B6FB94314F0541E9E919E7341DB72AE95CF80
                                                                                                                                                                                                                                                                                                Function 008F6FC9 Relevance: .6, Instructions: 637COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 37340a458953114d10fd8121b2a9c6d7312fcfd83a34101fcadaa2f838d9b0d4
                                                                                                                                                                                                                                                                                                • Instruction ID: a629dee09a37224762a80e1b721c959a62ed94cb5ab8f9df90e665cffa07adad
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37340a458953114d10fd8121b2a9c6d7312fcfd83a34101fcadaa2f838d9b0d4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6432F232E3DF054DE7239638C862336A298EFB73D4F15D727E825B59A6EF2984835100
                                                                                                                                                                                                                                                                                                Function 008873A0 Relevance: .6, Instructions: 599COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d320b19924144af174eedb042ec46a73225805ecc02a14be4c57fbe133ea4a58
                                                                                                                                                                                                                                                                                                • Instruction ID: 19e8aee9ad3273cb9bdb757ec6bbdcacc84bb7717276aaa569060de13f85babe
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d320b19924144af174eedb042ec46a73225805ecc02a14be4c57fbe133ea4a58
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E2273735417044BE318CE2ECC815C2B3E3AFD822475F857EC926CB796EEB9A6174648
                                                                                                                                                                                                                                                                                                Function 008C7290 Relevance: .5, Instructions: 517COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: a298b220064efc09504d322fae2345c810b887d8f1f398103602b0a5dd749d8f
                                                                                                                                                                                                                                                                                                • Instruction ID: ef271b9a33fa33b137da3c2549df6e730092108b759f930aa7886855b537c182
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a298b220064efc09504d322fae2345c810b887d8f1f398103602b0a5dd749d8f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D9128E71F081298BDF0CCE99C8A4ABCBBB2FB84311F2545ADD456E7784C6749A81CF94
                                                                                                                                                                                                                                                                                                Function 0089138E Relevance: .5, Instructions: 493COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d2e90ba453f5e034703974178930cf3ea5ba5b9ac9e9aaf542372476dc183ba5
                                                                                                                                                                                                                                                                                                • Instruction ID: 41618e455921ac245078a505be06df5aab7f80d485eadba35575392c111953a5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d2e90ba453f5e034703974178930cf3ea5ba5b9ac9e9aaf542372476dc183ba5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E226870A08B558FDB29DF29C0A1AAEBBF1FB84300F14895DD4A7C7B52DA34B945CB40
                                                                                                                                                                                                                                                                                                Function 008E87D0 Relevance: .4, Instructions: 449COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6a84bb64cb8c7b4442b3016b9b9de4f37d256ba1d603af9d4103e8df7c1f6624
                                                                                                                                                                                                                                                                                                • Instruction ID: 5b179aeeac5efbadc0eff22bcb530c56705b8e060955bde1a1ef607940558855
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a84bb64cb8c7b4442b3016b9b9de4f37d256ba1d603af9d4103e8df7c1f6624
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C8F14F71E01259DFDF14CF69D8806ADBBB1FF89324F15826AE919EB381DB309D418B90
                                                                                                                                                                                                                                                                                                Function 00890E65 Relevance: .4, Instructions: 401COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f65c3fb13e6f74d20e0019940f01084fff09a2156b662745e7afdfcb24e768f1
                                                                                                                                                                                                                                                                                                • Instruction ID: 6fa33a1bb1bb20d0fece899ddc81dae80c7531691645194d5e9ac776d30eef02
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f65c3fb13e6f74d20e0019940f01084fff09a2156b662745e7afdfcb24e768f1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C5023874A046498FCF24DFA9C094AAEBBF1FB58300F28895EC496E7751D335A941CF60
                                                                                                                                                                                                                                                                                                Function 008BD040 Relevance: .4, Instructions: 389COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 4a6d1945c0d6785f6659107853861f6c69b7f4a432c0ac9c2ed878515a02fbcf
                                                                                                                                                                                                                                                                                                • Instruction ID: a5fc96df1c89744849bc3b6089b67937086b9b24d7efb4413ba9230013730f72
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4a6d1945c0d6785f6659107853861f6c69b7f4a432c0ac9c2ed878515a02fbcf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0F1B6B5E012199FCB54CFACD980A9DBBF1FF49314F254269E819EB345E731A8468F80
                                                                                                                                                                                                                                                                                                Function 008BE460 Relevance: .3, Instructions: 344COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 3d3a2f67c8df8ea05ec0b966cb95ad7f155f1ac5664f6a09814786342bbcbfa7
                                                                                                                                                                                                                                                                                                • Instruction ID: ff4b542356ea23d81dd67c506d07f220020e958f238c652daa4ad36d9fc72cb8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3d3a2f67c8df8ea05ec0b966cb95ad7f155f1ac5664f6a09814786342bbcbfa7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D3C19572A0112D9FDB20DE68D841BEEB3B5FB95314F1502A9D41ED7342EA31AE85CF81
                                                                                                                                                                                                                                                                                                Function 008EF6AA Relevance: .3, Instructions: 337COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: f4b94abb59f70be5ba201f10bafd087b4206d7471790caa3de70d94afa1cf871
                                                                                                                                                                                                                                                                                                • Instruction ID: c2b1aef4cb2474f32e1c9c7b775fe4f61caa2f27d810f14877c3487f88895372
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f4b94abb59f70be5ba201f10bafd087b4206d7471790caa3de70d94afa1cf871
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30B14832A042D9AFDB159F29C8817EEBBA5FF56314F14417AEA40EB243D2359D01CBA1
                                                                                                                                                                                                                                                                                                Function 008B8AC0 Relevance: .3, Instructions: 307COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: ef647fc1c5689871be85a8eea6d0d86e21e967e261e07015808aa238f1d31e10
                                                                                                                                                                                                                                                                                                • Instruction ID: bae09b30968653406c517b7807f2d87a7e87f25166c65cf74b250911875088e2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ef647fc1c5689871be85a8eea6d0d86e21e967e261e07015808aa238f1d31e10
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8AB1C3B290011CDACF60DE58DC91BEAB7BDFB55314F1045AAE50AE3341DE31AE89CB61
                                                                                                                                                                                                                                                                                                Function 008C8090 Relevance: .2, Instructions: 244COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: cfadd17797c51d1f249c3dd980d7a0c561914123fb6c3491564b97df27709c32
                                                                                                                                                                                                                                                                                                • Instruction ID: d3d79e2f733c2a18541565e4a11ad0466e2ab892e75091c204895e59386b967e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cfadd17797c51d1f249c3dd980d7a0c561914123fb6c3491564b97df27709c32
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 42B16B71E506298BDB64CF18C8887A9B3B1FF58304F1442E9D94EAB341CB34AE91CF80
                                                                                                                                                                                                                                                                                                Function 008C7D40 Relevance: .2, Instructions: 194COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 6f6ee6deb1750b84ac1af6e403b044b2bfaa75447c6d4982aa91ec2c47aa1aea
                                                                                                                                                                                                                                                                                                • Instruction ID: 1c4cbcbdcf168ba4a4152fafcbfc652e1fd9d23a2106d5fa8364c6bf0ad990ba
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6f6ee6deb1750b84ac1af6e403b044b2bfaa75447c6d4982aa91ec2c47aa1aea
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0791F375A041098BDB98CF4DD881AE973E1EB4830CF1841B9EE0DDB346D679B862CF91
                                                                                                                                                                                                                                                                                                Function 008BF380 Relevance: .2, Instructions: 178COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 2ce2a081049485a4f1ed6de176999d29bb2c3c6012d04c4c7c3535d7d1d56d70
                                                                                                                                                                                                                                                                                                • Instruction ID: b7d6d411a1ed000c432b6a4316fa32b5509138c6ce64fb9bb298a21c452192ac
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2ce2a081049485a4f1ed6de176999d29bb2c3c6012d04c4c7c3535d7d1d56d70
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E3610472D146198BEB24CFA9C9417DDFBB5FB48720F34426EE515E7342D678A9808F80
                                                                                                                                                                                                                                                                                                Function 008E67E8 Relevance: .2, Instructions: 158COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: e456cd567ca73fa1d4986cbaaa1b3b9b265e6c052f751dd76c5943361a5268fd
                                                                                                                                                                                                                                                                                                • Instruction ID: f04f07cefc02f3c011c841542d822400b646d07adfef9fe283d9036bba3bd2ba
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e456cd567ca73fa1d4986cbaaa1b3b9b265e6c052f751dd76c5943361a5268fd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A4518172E00259EFDF04CF99C940AAEBBB2FF99340F198069E415EB241D734AE50CB91
                                                                                                                                                                                                                                                                                                Function 008C7AC0 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 42136c60f6bc0ee2a62a6b0492d9f1b586c088ceb182ed3605b9c6ea8184c225
                                                                                                                                                                                                                                                                                                • Instruction ID: 8f025948703fe9021f3054964c36486149a9b12e1ca9f08421b3fefdda5adb9b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 42136c60f6bc0ee2a62a6b0492d9f1b586c088ceb182ed3605b9c6ea8184c225
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF416DB6E0061A9BDB10CF98C881AAEB7B8FF49314F544169E905EB345D331EE51CB90
                                                                                                                                                                                                                                                                                                Function 008CC8D0 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: adc2fe75a12df1ac963011b9aa53ede0b3d7ae20bb6f3d3f66d5db85be41c55a
                                                                                                                                                                                                                                                                                                • Instruction ID: 3d1b0caa4bf5afddbdfb103fca42c051a64496ae4500b59ed1de8b9748133dc1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: adc2fe75a12df1ac963011b9aa53ede0b3d7ae20bb6f3d3f66d5db85be41c55a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65117F37320A0A0BE74C8A28D93777532D0A745314F88A67DEA6BCF2D2D729C4558385
                                                                                                                                                                                                                                                                                                Function 008CB830 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 1759cb940a7e7d1908e2d51731a478de234e66508096729c1d21c7e443ce613b
                                                                                                                                                                                                                                                                                                • Instruction ID: 6b1da742f95e21f21be0d271211df0d7faabd6af7a852ca83863f4bbf1c3dbc0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1759cb940a7e7d1908e2d51731a478de234e66508096729c1d21c7e443ce613b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B501927260051A5BDB14CF0DC881A66B3A5FF45361B498239ED4AEB341C634F860C7D0
                                                                                                                                                                                                                                                                                                Function 008F231B Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: 7d5a145c2c5b7cba5ef0befc27ce1724cd77943d82f58722a04aef47a57a4c88
                                                                                                                                                                                                                                                                                                • Instruction ID: 8f211c32a361de0843cfde3e1cbd419f651c8ddd724db5226805f198d895edcd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7d5a145c2c5b7cba5ef0befc27ce1724cd77943d82f58722a04aef47a57a4c88
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C9F0A0726152289FCB22D74CC406A68B3A8EB04B11F110056E644EB252C274ED01C7C0
                                                                                                                                                                                                                                                                                                Function 008F235F Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: b25d44e06a7e1bda54a71fd09b11bfdac612ce246d8ba71485b0b84ef6330628
                                                                                                                                                                                                                                                                                                • Instruction ID: 7c76a714576a97e249ebc8f8c000470bf11f25d87ff768fb78df678001134479
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b25d44e06a7e1bda54a71fd09b11bfdac612ce246d8ba71485b0b84ef6330628
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0E08C7291122CEBCB24DBACC90499AF3ECFB44B50B21059AB601D3211C274DE00CBD2
                                                                                                                                                                                                                                                                                                Function 008ED198 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: ee68eef811a1405074e6067c48de9f29a502d122b10d32bee5c5cf54b360b4e6
                                                                                                                                                                                                                                                                                                • Instruction ID: 106c2c43e26b949402c6dc1b454af300fa2ec144a030cfecd775f901196ced67
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ee68eef811a1405074e6067c48de9f29a502d122b10d32bee5c5cf54b360b4e6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 16C08C38000BC0CACE2989288672BF4736CF3A3786F84088CC9068BB46C91E9C8AD641
                                                                                                                                                                                                                                                                                                Function 0088897B Relevance: 58.2, APIs: 19, Strings: 14, Instructions: 498registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?,UpdateVersion,SetupVersion,0000025C,0089BFA9), ref: 00888A29
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,0090EB74,00000000,00000000,?,00000208), ref: 00888A69
                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00888B0D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00888B1D
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(00000000,0090EB74,00000000,00000001,00926288,00000000), ref: 00888B54
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,0090E740,00000000,00000000,?,00000208), ref: 00888BD4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,GUID,00000000,00000000,?,00000208), ref: 00888BF9
                                                                                                                                                                                                                                                                                                • UuidFromStringW.RPCRT4(?,009274B8), ref: 00888C20
                                                                                                                                                                                                                                                                                                • UuidIsNil.RPCRT4(009274B8,?), ref: 00888C59
                                                                                                                                                                                                                                                                                                • UuidCreate.RPCRT4(009274B8), ref: 00888C68
                                                                                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(009274B8,?), ref: 00888C8B
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,0090E740,00000000,00000001,00926288,00000000,?), ref: 00888CCB
                                                                                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(009274CC,?), ref: 00888D40
                                                                                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(?), ref: 00888D61
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,SetupVersion,00000000,00000000,?,00000004), ref: 00888DA7
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,UpdateVersion,00000000,00000000,?,00000004), ref: 00888EC4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,0090E79C,00000000,00000000,?,00000208), ref: 00888F38
                                                                                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(00000000), ref: 008890FF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A64C: HeapAlloc.KERNEL32(?,00000000,?,01348D3A,00000000,008FABEC,000000FF,?,?,0092164C,?,?,0088A4FD,80070057,?,0088940B), ref: 0088A692
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00889114
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$Query$StringUuid$CreateFree$AllocCloseErrorFromHeapLastOpen
                                                                                                                                                                                                                                                                                                • String ID: %02X$CCleaner.exe$CCleaner64.exe$Cannot create CCleaner registry key, gle=%u$GUID$HZ[$KillProcesses$RestartService$SOFTWARE\Piriform\CCleaner$SetupVersion$StartService$StopService$Unable to locate CCleaner program path$UpdateVersion
                                                                                                                                                                                                                                                                                                • API String ID: 2824475997-3085248813
                                                                                                                                                                                                                                                                                                • Opcode ID: b3974a874b7ac69d23c9c92fcf4d81e7f78d749185fa15dc364dac2db5a8f752
                                                                                                                                                                                                                                                                                                • Instruction ID: 693898f31e532e9684172fd23290ed7d8a8c624ed0579fcaf36c8b54bdeafa70
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b3974a874b7ac69d23c9c92fcf4d81e7f78d749185fa15dc364dac2db5a8f752
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18226D70915219EEDB24FBA8DC99BADBBB9FF44304F504099E109E72A1DB309E84DF11
                                                                                                                                                                                                                                                                                                Function 008A8B14 Relevance: 51.1, APIs: 13, Strings: 16, Instructions: 326sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidCreate.RPCRT4(?), ref: 0089EBE8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidToStringW.RPCRT4(?,00000000), ref: 0089EC01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: GetTickCount.KERNEL32 ref: 0089EC1E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: RpcStringFreeW.RPCRT4(00000000), ref: 0089EC77
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 008A8C56
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 008A8EB8
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 008A8ECD
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 008A8EE8
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008A8EF0
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008A8F09
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$StringUuid$CountCreateDeleteErrorFileFreeLastSleepTick
                                                                                                                                                                                                                                                                                                • String ID: %s %s$%s %s %s "%s"$%s %s %s %s "%s"$.dll$.exe$/applydll$/emupdater$ApplyPatches$D$Going to execute Patch Id:%u from file %s$Patch Id:%u done, exitcode:%u$Patch Id:%u file:%s has broken signature$Patches$R$dummy$xQ[
                                                                                                                                                                                                                                                                                                • API String ID: 298505555-1538353823
                                                                                                                                                                                                                                                                                                • Opcode ID: 354309f2e8bef5d9ca1724b315acc8cdfc4b4421fd4afab1e9c702e617950489
                                                                                                                                                                                                                                                                                                • Instruction ID: 318420912e8ff51e8fc5e96fba323621b8d720b207fe73e4cca0b9f940bb0c0d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 354309f2e8bef5d9ca1724b315acc8cdfc4b4421fd4afab1e9c702e617950489
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AAE1BD30805219EFEF24EBA8DD88BADB7B4FB15314F1441D9E049A35A1DB305E84DF22
                                                                                                                                                                                                                                                                                                Function 008B34F0 Relevance: 49.4, APIs: 21, Strings: 7, Instructions: 380sleepfileprocessCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089FACF: GetFileAttributesW.KERNEL32(?,?,00000024,00896FB8,?,0091045C,?,?,?,EvaluateFileCondition,?,000000B8,?,?,?), ref: 0089FAEB
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A21D1: GetFileVersionInfoSizeW.VERSION(?,?), ref: 008A2208
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A21D1: GetLastError.KERNEL32(?,?), ref: 008A2215
                                                                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000000), ref: 008B36DD
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B36E5
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B36FE
                                                                                                                                                                                                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008B373A
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3744
                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000001), ref: 008B3788
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3790
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B37A9
                                                                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000000), ref: 008B37CA
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B37D2
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B37E7
                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000001), ref: 008B37FA
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3803
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B381A
                                                                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000001), ref: 008B388C
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3894
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B38A9
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 008B3926
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 008B3931
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to execute %s %s gle=%u, xrefs: 008B3765
                                                                                                                                                                                                                                                                                                • %s %s %s "%s", xrefs: 008B35D7
                                                                                                                                                                                                                                                                                                • %s %s exitcode=%u, xrefs: 008B3866
                                                                                                                                                                                                                                                                                                • /applyupdate, xrefs: 008B35C7
                                                                                                                                                                                                                                                                                                • Going to apply update using attached updater id:%u from file %s, xrefs: 008B3646
                                                                                                                                                                                                                                                                                                • /autoversion %u, xrefs: 008B3616
                                                                                                                                                                                                                                                                                                • /emupdater, xrefs: 008B35CC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorFileLast$Sleep$Move$CloseCopyHandle$AttributesCreateInfoProcessSizeVersion
                                                                                                                                                                                                                                                                                                • String ID: /autoversion %u$%s %s %s "%s"$%s %s exitcode=%u$/applyupdate$/emupdater$Going to apply update using attached updater id:%u from file %s$Unable to execute %s %s gle=%u
                                                                                                                                                                                                                                                                                                • API String ID: 3745839926-1034979303
                                                                                                                                                                                                                                                                                                • Opcode ID: fc5f01d6d26b12f06fa140ad7a6c4e653fb0c1de26daf724ca0dff68cddfe96e
                                                                                                                                                                                                                                                                                                • Instruction ID: d825fdc133e5295f03b12964b37710c2080a194100a4c680b8a1724422ee5755
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc5f01d6d26b12f06fa140ad7a6c4e653fb0c1de26daf724ca0dff68cddfe96e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6CE1A931904259EFDF29EBA8D985BEDBBB5FF15304F148058E001BB2A1CB715E04DBA2
                                                                                                                                                                                                                                                                                                Function 008AA307 Relevance: 39.0, APIs: 9, Strings: 13, Instructions: 491COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: %u%03u%02u$.$Creating reboot file: %s$EmUpdatePending$Invalid flag %s in node %s$MicroUpdates$aswmicroupdate$flags$nobizreboot$noreboot$reboot$version$jh
                                                                                                                                                                                                                                                                                                • API String ID: 0-1021495782
                                                                                                                                                                                                                                                                                                • Opcode ID: e2adc3719769e723284845268e97c6089d39df17619b608029da48d57b53ce76
                                                                                                                                                                                                                                                                                                • Instruction ID: 66143d3d31d32b487246f71e205fcb0ab1bef01665aec4be5da5586769b44526
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2adc3719769e723284845268e97c6089d39df17619b608029da48d57b53ce76
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7212B0309042699BDB29EB68CC55BEDB779FB11340F1441E9E409E7A61EB309F85CF42
                                                                                                                                                                                                                                                                                                Function 008B082E Relevance: 38.8, APIs: 13, Strings: 9, Instructions: 333filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(0000EA60,00926288), ref: 008B08B7
                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(0000EA60,00926288), ref: 008B0975
                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000,00926288,HandleFiles,00000000,?,00000050,008AA6FF), ref: 008B09B7
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000050,008AA6FF), ref: 008B09BF
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000050,008AA6FF), ref: 008B09D8
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000050,008AA6FF), ref: 008B09E4
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00926288,?,00000050,008AA6FF), ref: 008B0A18
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000050,008AA6FF), ref: 008B0A20
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000050,008AA6FF), ref: 008B0A41
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000050,008AA6FF), ref: 008B0A7F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089FACF: GetFileAttributesW.KERNEL32(?,?,00000024,00896FB8,?,0091045C,?,?,?,EvaluateFileCondition,?,000000B8,?,?,?), ref: 0089FAEB
                                                                                                                                                                                                                                                                                                • MoveFileExW.KERNEL32(?,?,00000005,HandleFiles,00000000,?,00000050,008AA6FF), ref: 008B0B64
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000050,008AA6FF), ref: 008B0B6E
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,HandleFiles,00000000,?,00000050,008AA6FF), ref: 008B0BC0
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Cannot move file %s -> %s gle=%u, xrefs: 008B0A8F
                                                                                                                                                                                                                                                                                                • Cannot register reboot move file %s -> %s gle=%u, xrefs: 008B0B89
                                                                                                                                                                                                                                                                                                • Cannot copy file %s -> %s gle=%u, xrefs: 008B09F4
                                                                                                                                                                                                                                                                                                • HandleFiles, xrefs: 008B086B
                                                                                                                                                                                                                                                                                                • Reboot reason delete: %s, xrefs: 008B0BDE
                                                                                                                                                                                                                                                                                                • Cannot register reboot delete file %s gle=%u, xrefs: 008B0C06
                                                                                                                                                                                                                                                                                                • Reboot reason non imm: %s, xrefs: 008B0B4A
                                                                                                                                                                                                                                                                                                • Cannot create directory %s gle=%u, xrefs: 008B0AA2
                                                                                                                                                                                                                                                                                                • Reboot reason imm: %s, xrefs: 008B0B12
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$ErrorLast$Move$DeleteSleep$AttributesCopy
                                                                                                                                                                                                                                                                                                • String ID: Cannot copy file %s -> %s gle=%u$Cannot create directory %s gle=%u$Cannot move file %s -> %s gle=%u$Cannot register reboot delete file %s gle=%u$Cannot register reboot move file %s -> %s gle=%u$HandleFiles$Reboot reason delete: %s$Reboot reason imm: %s$Reboot reason non imm: %s
                                                                                                                                                                                                                                                                                                • API String ID: 1728641927-124279677
                                                                                                                                                                                                                                                                                                • Opcode ID: 00f659de1a678aa9a3cce432b3f98fc465173398fbbbacd07318865b4209fc4c
                                                                                                                                                                                                                                                                                                • Instruction ID: ddf346f8efe4dee5b0eedf52514313cad8bf85a45c6f5dabeb77805c448f8c29
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 00f659de1a678aa9a3cce432b3f98fc465173398fbbbacd07318865b4209fc4c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65D19F319052499EDF25EFA8C845AFFBBB4FF10304F044569E492E7292DB309A48CB62
                                                                                                                                                                                                                                                                                                Function 008ACA2A Relevance: 31.9, APIs: 7, Strings: 11, Instructions: 380sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,ApplyXmlCabUpdate,00000000), ref: 008ACE5C
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,ApplyXmlCabUpdate,00000000), ref: 008ACE64
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,ApplyXmlCabUpdate,00000000), ref: 008ACE7D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DeleteErrorFileLastSleep
                                                                                                                                                                                                                                                                                                • String ID: %s attribute is empty$%s attribute is mandatory for cab node$%s is already downloaded as %s, skipping download$.cab$ApplyXmlCabUpdate$Processing cab node: %s$R$Update file:%s has broken signature$cab$dst$srcurl
                                                                                                                                                                                                                                                                                                • API String ID: 3792865491-2762799441
                                                                                                                                                                                                                                                                                                • Opcode ID: 5979b125c508d405ed78ec9f80fb07ad172004d0459c5591915b3526024caf33
                                                                                                                                                                                                                                                                                                • Instruction ID: ea6811748550231315806d16f130913a51e3e00fc1c9af4dc049b29824737894
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5979b125c508d405ed78ec9f80fb07ad172004d0459c5591915b3526024caf33
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 32E16A30900249EAEF18EBA8D956AEDBBB0FF15314F248159E012B76D1DB716E05CB52
                                                                                                                                                                                                                                                                                                Function 008B4DAC Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 241COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?,0000002C,008B429F), ref: 008B4E05
                                                                                                                                                                                                                                                                                                • WTSFreeMemory.WTSAPI32(00000000), ref: 008B4EE1
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetCurrentThread.KERNEL32 ref: 008A18D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A18F3
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A18FF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: ImpersonateSelf.ADVAPI32(00000002), ref: 008A190A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A1914
                                                                                                                                                                                                                                                                                                • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 008B4E51
                                                                                                                                                                                                                                                                                                • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 008B4E5E
                                                                                                                                                                                                                                                                                                • WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(?), ref: 008B4E6C
                                                                                                                                                                                                                                                                                                • RevertToSelf.ADVAPI32 ref: 008B4E74
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 008B4E7D
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4E90
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4EAA
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4EB9
                                                                                                                                                                                                                                                                                                • WinHttpGetIEProxyConfigForCurrentUser.WINHTTP(?,0000002C,008B429F), ref: 008B4EF6
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4F13
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4F29
                                                                                                                                                                                                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 008B4F34
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Free$Global$User$Current$ConfigErrorHttpImpersonateLastProxySelfThreadToken$CloseEnumerateHandleLoggedMemoryOpenQueryRevertSessions
                                                                                                                                                                                                                                                                                                • String ID: ;= $SeTcbPrivilege$http$https
                                                                                                                                                                                                                                                                                                • API String ID: 4011978727-2753584122
                                                                                                                                                                                                                                                                                                • Opcode ID: 4515b7022c5e3a451dd0f5b656102106f6361c3014ca17588c787d48ca6247ea
                                                                                                                                                                                                                                                                                                • Instruction ID: ed975247759d37c3b9e9396f93aa1cf1ed26e023ce26f597503a407c9ff02e01
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4515b7022c5e3a451dd0f5b656102106f6361c3014ca17588c787d48ca6247ea
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB918F31904209EEDF15EBA8D94ABEEBBB9FF04304F544069E001F62D1DB749E49CB62
                                                                                                                                                                                                                                                                                                Function 0088D30B Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 263COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,0000003C,008B4C69,00002710,00000010,008B4D2E,?,00000000,FFFFD8F0,000000FF), ref: 0088D357
                                                                                                                                                                                                                                                                                                • GetTempPathW.KERNEL32(00000104,00000000,00000104,?,00000000,FFFFD8F0,000000FF), ref: 0088D37E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,00000000,FFFFD8F0,000000FF), ref: 0088D58F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateEventHandlePathTemp
                                                                                                                                                                                                                                                                                                • String ID: AvEmUpdate download
                                                                                                                                                                                                                                                                                                • API String ID: 366858269-3525673944
                                                                                                                                                                                                                                                                                                • Opcode ID: e54e24b5f5a87ce10d0415644c68e943810ddbe3b1dff71fb387afa52ae1f636
                                                                                                                                                                                                                                                                                                • Instruction ID: b017289e4598d28e1c87d7af308b87e2cf702cba8a2b4d4ee8b070a8b5f11839
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e54e24b5f5a87ce10d0415644c68e943810ddbe3b1dff71fb387afa52ae1f636
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 92A16170A00305AFDB14EFA9C898A9EBBB8FF58714F108059F505EB2A1DB74DE05DB21
                                                                                                                                                                                                                                                                                                Function 0089CB53 Relevance: 26.6, APIs: 12, Strings: 3, Instructions: 313sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNEL32(?), ref: 0089CD3D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089CD48
                                                                                                                                                                                                                                                                                                • CopyFileW.KERNEL32(?,?,00000000), ref: 0089CD74
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000), ref: 0089CD7C
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000000), ref: 0089CD9D
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089CE34
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089CE6B
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32 ref: 0089CE85
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089CE8D
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089CEA6
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089CEB5
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089CF9C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseFileHandle$Sleep$AttributesCopyDelete
                                                                                                                                                                                                                                                                                                • String ID: MakeFileLocal$W$https://
                                                                                                                                                                                                                                                                                                • API String ID: 3240575438-3488284308
                                                                                                                                                                                                                                                                                                • Opcode ID: b1d9c09f32b08af6477ebc35007006af9ce8da3dffedd84b1eb26aafb1931f84
                                                                                                                                                                                                                                                                                                • Instruction ID: 849baa17e389a7a1582d0dfea46aa8baf88802e2128d33653d082584ac4b74b9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1d9c09f32b08af6477ebc35007006af9ce8da3dffedd84b1eb26aafb1931f84
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 96C17F719012189EDF24EB68CC85BAEBBF8FB54314F18859AE449E3191DE318F85CB91
                                                                                                                                                                                                                                                                                                Function 008B59B9 Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 74libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008B5959,?,00896EA4,?,EvaluateFileCondition,?,000000B8,?,?,?), ref: 008B59DF
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 008B59FC
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 008B5A06
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,IsWow64Process2), ref: 008B5A11
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(?,?,008B5959,?,00896EA4,?,EvaluateFileCondition,?,000000B8,?,?,?), ref: 008B5A24
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64EnableWow64FsRedirection), ref: 008B5A3E
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 008B5A49
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 008B5A54
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressProc$CurrentHandleModuleProcess
                                                                                                                                                                                                                                                                                                • String ID: GetSystemWow64DirectoryW$IsWow64Process$IsWow64Process2$Wow64DisableWow64FsRedirection$Wow64EnableWow64FsRedirection$Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                • API String ID: 977827838-3607082105
                                                                                                                                                                                                                                                                                                • Opcode ID: 0ee88ba392fb5715e318b0ba6933987aaf865f4d50423fe7142f62488fd97f22
                                                                                                                                                                                                                                                                                                • Instruction ID: 95ccdaf25b0ed66e47c5e57b2d1469b127bbcc8c1f0190ee40556d95d26c1cbf
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0ee88ba392fb5715e318b0ba6933987aaf865f4d50423fe7142f62488fd97f22
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FF214C70A04B15DFD7348F299884957FBF8FF94B057018A2EA086E2B50D770EA408F54
                                                                                                                                                                                                                                                                                                Function 008A2A70 Relevance: 24.2, APIs: 16, Instructions: 180filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000005,?,00000003), ref: 008A2A7D
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,80000000,00000005,?,00000003), ref: 008A2AA1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2AB7
                                                                                                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(0088BAAE,?,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2AC5
                                                                                                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(0088BAAE,00000000,00000002,00000000,00000000,00000000,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2AEF
                                                                                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,?,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2B04
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,?,?,00000002,?,?,?,?,0000000D,?,00000002), ref: 008A2B41
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,?,00000002,?,?,?,?,0000000D,?,00000002), ref: 008A2B65
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C18
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(008B3E3B,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C2C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C37
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C3E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000238,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C4C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(0088BAAE,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C57
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$CloseHandle$CreateView$SleepUnmap$ErrorLastMappingSize
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3502117232-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e6aa1e98287ac6188f7c9f3bfd325f31ea27ba11fcd6189f3a69055ee3016345
                                                                                                                                                                                                                                                                                                • Instruction ID: f27a4307d373f72e006b965c671d4ac3d59459a23edb81ca3aa491ae85150776
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e6aa1e98287ac6188f7c9f3bfd325f31ea27ba11fcd6189f3a69055ee3016345
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BE512D71E04218ABEF309FADDC88AEEBBB8FF0A360F144615F515E6690D7709841DB60
                                                                                                                                                                                                                                                                                                Function 0089D2AF Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 205filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,40000000,00000005,00000000,00000000,00000080,00000000,CopyResourceToFileOrBuffer,?,00000034,008B4BB8,?,00000000), ref: 0089D36E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D377
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089D394
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D3A8
                                                                                                                                                                                                                                                                                                • SetFilePointer.KERNEL32(000000FF,00000000,00000000,00000002), ref: 0089D3C1
                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(000000FF,00000000,00000000,00000000,00000000), ref: 0089D427
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D43D
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 0089D45C
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0089D472
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D47A
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089D49B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorFileLast$Sleep$CloseCreateDeleteHandlePointerWrite
                                                                                                                                                                                                                                                                                                • String ID: CopyResourceToFileOrBuffer$W
                                                                                                                                                                                                                                                                                                • API String ID: 2192737201-2625506230
                                                                                                                                                                                                                                                                                                • Opcode ID: 07469206ada13125ca9b380f9bb8c9bc216ef655f59675f8241d22b59055525f
                                                                                                                                                                                                                                                                                                • Instruction ID: 97950a77dd67114400291a09e81314b87d05cf6b4f71e2113275f3f952cb9774
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 07469206ada13125ca9b380f9bb8c9bc216ef655f59675f8241d22b59055525f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F3718A71E0031A9FDF20AFA8D844BAEBB74FF44715F288219E911E7290E7709D44DB69
                                                                                                                                                                                                                                                                                                Function 008B0C61 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 194registrylibraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(advapi32.dll,HandleRegistry,?,00000020,008AA750), ref: 008B0C93
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008B0CA3
                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 008B0D4F
                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,00000000), ref: 008B0D9F
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(0000EA60,00001388,00000000,000F003F,?), ref: 008B0DCF
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00010000,00000000,00000000,00000000,?), ref: 008B0DF5
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00010000,00000000,00927444,00000000,?), ref: 008B0E37
                                                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,00010000), ref: 008B0E59
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,00010000,00000000,00000000,00926288,00926288), ref: 008B0E72
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008B0E91
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$DeleteQuery$AddressCloseCreateHandleModuleOpenProc
                                                                                                                                                                                                                                                                                                • String ID: HandleRegistry$RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                • API String ID: 1287369111-284865465
                                                                                                                                                                                                                                                                                                • Opcode ID: 5f20b678c3cef8546d1539a7506ec9a211f9f2f3a5988aeb596ec86f8bfbe92e
                                                                                                                                                                                                                                                                                                • Instruction ID: 7d60a1c1c609204e506c28604541b09859f4573b17cf3d4b9b7b62b8b334a8c7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5f20b678c3cef8546d1539a7506ec9a211f9f2f3a5988aeb596ec86f8bfbe92e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5A719A7290070AAFDB228FA4CC44BEFBBB5FF48310F140A19E595A22A1D771AA45DF51
                                                                                                                                                                                                                                                                                                Function 0089FF4F Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 175filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?,?), ref: 008A001D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?,?), ref: 008A0028
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?), ref: 008A003E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?,?), ref: 008A0050
                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C), ref: 008A005D
                                                                                                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008), ref: 008A0077
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?,?), ref: 008A0086
                                                                                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000009,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5), ref: 008A009E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?,?), ref: 008A00AB
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?), ref: 008A0113
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?), ref: 008A011F
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,80000000,00000005,00000000,00000003,00000000,00000000,?,00000058,00000008,008970A5,00000001,?,0091045C,?), ref: 008A0126
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$ErrorLast$CloseCreateHandleView$MappingSizeSleepUnmap
                                                                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                                                                • API String ID: 1203815886-655174618
                                                                                                                                                                                                                                                                                                • Opcode ID: ec72eaa16df890814674e9e15e647c0c022b2bd850e83146470311412840683a
                                                                                                                                                                                                                                                                                                • Instruction ID: f0b2845c05675a2f74c2bc71be6283e8220d582d17dcfc9f58f4ece31b84d74f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec72eaa16df890814674e9e15e647c0c022b2bd850e83146470311412840683a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19517D31805609AFEF15DBA8C805BFEBBB9FF0A310F254018E901F7290DA715E018B62
                                                                                                                                                                                                                                                                                                Function 0089FD50 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 170filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(000000B8,80000000,00000005,00000000,00000003,00000000,00000000,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?), ref: 0089FE23
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FE2E
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FE44
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FE53
                                                                                                                                                                                                                                                                                                • GetFileSize.KERNEL32(00000000,00000000,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FE60
                                                                                                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(00000000,00000000,00000002,00000000,00000000,00000000,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C), ref: 0089FE7A
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FE89
                                                                                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00000009,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?), ref: 0089FEA1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FEAE
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FF18
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FF24
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000070,00000008,0089705E,00000001,?,0091045C,?,?,0091045C,?,?), ref: 0089FF2B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$ErrorLast$CloseCreateHandleView$MappingSizeSleepUnmap
                                                                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                                                                • API String ID: 1203815886-655174618
                                                                                                                                                                                                                                                                                                • Opcode ID: d5781b9f67b94ea78c7f776466739deaabdb2060752b70e30ac7c563d49ff5dd
                                                                                                                                                                                                                                                                                                • Instruction ID: f4f2681a5526b71c4c3d00688b7d16f3595b3f48e556ee4e3dafcff008b0244b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d5781b9f67b94ea78c7f776466739deaabdb2060752b70e30ac7c563d49ff5dd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C051B0319042099FDF15EBA8DC04BBEBBB9FF49310F298069E511F7292DB705E059BA1
                                                                                                                                                                                                                                                                                                Function 00899597 Relevance: 21.4, APIs: 3, Strings: 9, Instructions: 440registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00000001,?,?,00911160,000000FF,?,00911160,000000FF,00000074,00911160,000000FF,00000074,00911160), ref: 0089997B
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,(32),(64),00000074,?,00000074,00911160,000000FF,00000074,EvaluateRegistryValueCondition,0088BA70,00000054,80070057,00000000,00911160,000000FF), ref: 00899A70
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,EvaluateRegistryValueCondition,0088BA70,00000054,80070057,00000000,00911160,000000FF,00000000,00911160,000000FF,?,?,00000000), ref: 00899A91
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close$Open
                                                                                                                                                                                                                                                                                                • String ID: (32)$(64)$EvaluateRegistryValueCondition$Unknown registry value type specified, %s$W$reg_dword$reg_expand_sz$reg_multi_sz$reg_sz
                                                                                                                                                                                                                                                                                                • API String ID: 2976201327-2146582375
                                                                                                                                                                                                                                                                                                • Opcode ID: a76eb71788ba1ae636706613ae3a2c9c79aa5eba6585cea6d6c2b49edbbcd0c4
                                                                                                                                                                                                                                                                                                • Instruction ID: 25d4120d3195896af79dee1ba7eda1d5f3116c949c68a0a84ff749517c342d3f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a76eb71788ba1ae636706613ae3a2c9c79aa5eba6585cea6d6c2b49edbbcd0c4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 24028731900259EADF08EBA8D995AEEBBB8FF10304F18415EE152F71D1DB745A09CB62
                                                                                                                                                                                                                                                                                                Function 0089D546 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 305sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,0000009C,0088B9E2), ref: 0089D654
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,00000009), ref: 0089D90E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000009), ref: 0089D916
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,?,?,?,?,?,?,?,00000009), ref: 0089D92F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidCreate.RPCRT4(?), ref: 0089EBE8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidToStringW.RPCRT4(?,00000000), ref: 0089EC01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: GetTickCount.KERNEL32 ref: 0089EC1E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: RpcStringFreeW.RPCRT4(00000000), ref: 0089EC77
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringUuid$CloseCountCreateDeleteErrorFileFreeHandleLastSleepTick
                                                                                                                                                                                                                                                                                                • String ID: %u_Dll$.ini$Patches$PrepareRemotePatchDescriptor$W$xQ[
                                                                                                                                                                                                                                                                                                • API String ID: 3750466484-38709369
                                                                                                                                                                                                                                                                                                • Opcode ID: 04a6185d1542bb2605e9c842db6576a51b71f5c8b6f7e29ba7af12956cf115b9
                                                                                                                                                                                                                                                                                                • Instruction ID: 85bd5de9afaa9c91d5f51f1546a66ede2043476e91d42d23a5dc9ad663ae1232
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04a6185d1542bb2605e9c842db6576a51b71f5c8b6f7e29ba7af12956cf115b9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F2C15830D04359DEDF25EBA8C985AEDBBB4FF10304F248069E056EB292DB705A49DF52
                                                                                                                                                                                                                                                                                                Function 008B128E Relevance: 21.3, APIs: 4, Strings: 8, Instructions: 275registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008EA555: GetSystemTimeAsFileTime.KERNEL32(?,00000720,?,?,?,?,0089EB15,00000000,?,RegisterRestartJob_1,?), ref: 008EA56A
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008B14E7
                                                                                                                                                                                                                                                                                                • RegCreateKeyExW.ADVAPI32(00000000,EmUpdateVolatile,00000000,00000000,00000001,00020006,00000000,?,00000000,?,00000000), ref: 008B1583
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 008B15A6
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008B160C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • PendingNotifications, xrefs: 008B1595
                                                                                                                                                                                                                                                                                                • Notification skipped (GA disabled for this client), xrefs: 008B15E0
                                                                                                                                                                                                                                                                                                • %I64u, xrefs: 008B1488
                                                                                                                                                                                                                                                                                                • EmUpdateVolatile, xrefs: 008B1575
                                                                                                                                                                                                                                                                                                • Scheduling notification %s, xrefs: 008B154B
                                                                                                                                                                                                                                                                                                • Sending notification %s, xrefs: 008B15B4
                                                                                                                                                                                                                                                                                                • Unable to open product registry key gle=%u, xrefs: 008B14F7
                                                                                                                                                                                                                                                                                                • HandleNotifications, xrefs: 008B12AF
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseTime$CreateFileOpenSystem
                                                                                                                                                                                                                                                                                                • String ID: %I64u$EmUpdateVolatile$HandleNotifications$Notification skipped (GA disabled for this client)$PendingNotifications$Scheduling notification %s$Sending notification %s$Unable to open product registry key gle=%u
                                                                                                                                                                                                                                                                                                • API String ID: 628778338-2919816809
                                                                                                                                                                                                                                                                                                • Opcode ID: 2bd400f3f9cf57d3e078b5de94711d9925f2a47a3de34968dffb3412dd777dc5
                                                                                                                                                                                                                                                                                                • Instruction ID: ea863f79a184ce1d99584e621195a92dc18d444ba30b98f2ed24d8b898e8e43a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2bd400f3f9cf57d3e078b5de94711d9925f2a47a3de34968dffb3412dd777dc5
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0EC18B70D04258EEDF25EBA8CD89BDDBBB5FF45304F104099E119AB292DB705A89CF12
                                                                                                                                                                                                                                                                                                Function 00888D72 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 180registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,SetupVersion,00000000,00000000,?,00000004), ref: 00888DA7
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,UpdateVersion,00000000,00000000,?,00000004), ref: 00888EC4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,0090E79C,00000000,00000000,?,00000208), ref: 00888F38
                                                                                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(00000000), ref: 008890FF
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00889114
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: QueryValue$CloseFreeString
                                                                                                                                                                                                                                                                                                • String ID: HZ[$KillProcesses$RestartService$SetupVersion$StartService$StopService$UpdateVersion
                                                                                                                                                                                                                                                                                                • API String ID: 1457735283-1231697239
                                                                                                                                                                                                                                                                                                • Opcode ID: 30f3bf5c72c692f652cf4bc5762dc225531dba00c9515f36ad0da6223ad10e2c
                                                                                                                                                                                                                                                                                                • Instruction ID: 3cde1d7b1aad456e8b85ed4a1c6fc3ee9d68e2dee8f2e701bf246d32f5aab51f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30f3bf5c72c692f652cf4bc5762dc225531dba00c9515f36ad0da6223ad10e2c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB817A30905268DECB25EB68CD98BADBBB9FB44304F1440D9E109E72A1DB309F89CF55
                                                                                                                                                                                                                                                                                                Function 008D3650 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • InitializeCriticalSectionAndSpinCount.KERNEL32(00925644,00000FA0,?,?,008D362E), ref: 008D365C
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,008D362E), ref: 008D3667
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,008D362E), ref: 008D3678
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 008D368A
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 008D3698
                                                                                                                                                                                                                                                                                                • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,008D362E), ref: 008D36BB
                                                                                                                                                                                                                                                                                                • DeleteCriticalSection.KERNEL32(00925644,00000007,?,?,008D362E), ref: 008D36D7
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,008D362E), ref: 008D36E7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • WakeAllConditionVariable, xrefs: 008D3690
                                                                                                                                                                                                                                                                                                • kernel32.dll, xrefs: 008D3673
                                                                                                                                                                                                                                                                                                • SleepConditionVariableCS, xrefs: 008D3684
                                                                                                                                                                                                                                                                                                • api-ms-win-core-synch-l1-2-0.dll, xrefs: 008D3662
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
                                                                                                                                                                                                                                                                                                • String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                                                                                                                                                                                                • API String ID: 2565136772-3242537097
                                                                                                                                                                                                                                                                                                • Opcode ID: 7e97de7445cd62fb40cdf673a72e74801b4e0faaa0e626314f04cf6591d987f0
                                                                                                                                                                                                                                                                                                • Instruction ID: f6fe19db8c3bdd13abf2808eb7a6dc6d95da1dc11318efe38bf54bd85aa1a755
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7e97de7445cd62fb40cdf673a72e74801b4e0faaa0e626314f04cf6591d987f0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9201D4707687217FDB311B79BC0DA663BACFBA8B157414221F900D6390DB70CE00BA61
                                                                                                                                                                                                                                                                                                Function 008A1DC3 Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 276libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,0000002C), ref: 008A1E0A
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000), ref: 008A1E11
                                                                                                                                                                                                                                                                                                • K32EnumProcesses.KERNEL32(00000000,00000400,?,?,?,0000002C), ref: 008A1E65
                                                                                                                                                                                                                                                                                                • OpenProcess.KERNEL32(00000411,00000000,00000000,?,0000002C), ref: 008A1EC8
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressEnumHandleModuleOpenProcProcessProcesses
                                                                                                                                                                                                                                                                                                • String ID: SeDebugPrivilege$kernel32.dll
                                                                                                                                                                                                                                                                                                • API String ID: 2345035338-1993400412
                                                                                                                                                                                                                                                                                                • Opcode ID: 785eb6419bffdbcf80afd44bb2961ad2c106bd9d56a6c24dcbe548b520d4cc47
                                                                                                                                                                                                                                                                                                • Instruction ID: 396f386cdc8c92b57fa838c491584d2670abb576686996d3935c3e9b734144ae
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 785eb6419bffdbcf80afd44bb2961ad2c106bd9d56a6c24dcbe548b520d4cc47
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1A16971900609AFEF18EFA8C849AEEBBB4FB05310F108119F915E7291EB709A05DB52
                                                                                                                                                                                                                                                                                                Function 008A1346 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 200registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008A137B
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,PendingFileDeleteOperations,00000000,?,00000000,?), ref: 008A13B2
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 008A1555
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                • String ID: PendingFileDeleteOperations
                                                                                                                                                                                                                                                                                                • API String ID: 3677997916-1189029018
                                                                                                                                                                                                                                                                                                • Opcode ID: ebc30d6516d1fecac5ad91351148a0249cc1507f9f4dbb7034289753bafa37af
                                                                                                                                                                                                                                                                                                • Instruction ID: 9054a49a40b86933c13840530ffcf4f8ce989033bc56d29d3533df9a2756cb4a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ebc30d6516d1fecac5ad91351148a0249cc1507f9f4dbb7034289753bafa37af
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA61AF71E01219AFEF15DFA8DC88ABEBBBAFF49314F144069E402E7610E7709E418B54
                                                                                                                                                                                                                                                                                                Function 008B7510 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 165fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(?,?,01348D3A,?), ref: 008B7547
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,?,?,01348D3A,?), ref: 008B7618
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,01348D3A,?), ref: 008B762D
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(FFFFFFFF,?,?,01348D3A,?), ref: 008B7643
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008D51F2: RaiseException.KERNEL32(E06D7363,00000001,00000003,0088A1B7,?,?,?,?,0088A1B7,01348D3A,00921618,01348D3A), ref: 008D5252
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(Unable to get file size!,?,?,01348D3A,?), ref: 008B7677
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,01348D3A,?,00000000,00901290,000000FF,?,01348D3A,009216DC,Unable to retrieve pointer of the unmapped view!,?,009216DC,00000000,?,?,01348D3A), ref: 008B76E4
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,01348D3A,?,00000000,00901290,000000FF,?,01348D3A,009216DC,Unable to retrieve pointer of the unmapped view!,?,009216DC,00000000,?,?,01348D3A), ref: 008B770B
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,01348D3A,?,00000000,00901290,000000FF,?,01348D3A,009216DC,Unable to retrieve pointer of the unmapped view!,?,009216DC,00000000,?,?,01348D3A), ref: 008B7727
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to get file size!, xrefs: 008B7672
                                                                                                                                                                                                                                                                                                • Unable to retrieve pointer of the unmapped view!, xrefs: 008B7694
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$File$UnmapView$ErrorExceptionLastRaiseSize
                                                                                                                                                                                                                                                                                                • String ID: Unable to get file size!$Unable to retrieve pointer of the unmapped view!
                                                                                                                                                                                                                                                                                                • API String ID: 1543839074-1313134473
                                                                                                                                                                                                                                                                                                • Opcode ID: 0eb4d844462a7811e959011f0b3dff01e9eb53ef12c697373470080a786650c8
                                                                                                                                                                                                                                                                                                • Instruction ID: 583812b97da6b9cbe134a3217c78b3bcd357546682910669d30edac29b649aac
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0eb4d844462a7811e959011f0b3dff01e9eb53ef12c697373470080a786650c8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57618C71D187489FDB10DFA8D949BDEBBB8FB59714F108619E821E3380DB74AA44CB90
                                                                                                                                                                                                                                                                                                Function 008A09A0 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 387registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,?,00000000,00020019,?,0089C9C6,Geo: %s), ref: 008A09E8
                                                                                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,00000000,00000100,?,00000000,?,00000000,?), ref: 008A0BCA
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegCloseKey.ADVAPI32(00000000), ref: 008A071D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A0729: GetLongPathNameW.KERNEL32(?,00000000,00000104), ref: 008A082E
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,Protected,00000000,00020019,?), ref: 008A0C0D
                                                                                                                                                                                                                                                                                                • RegEnumValueW.ADVAPI32(?,00000000,00000000,00000100,?,00000000,?,00000000,?), ref: 008A0DCF
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A0DFF
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A0E0E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpen$EnumValue$LongNamePath
                                                                                                                                                                                                                                                                                                • String ID: MoveFile | %[^|] | %[^|] $Protected$SYSTEM\Software\%s\Icarus\Pending Operations
                                                                                                                                                                                                                                                                                                • API String ID: 3168683942-4144328247
                                                                                                                                                                                                                                                                                                • Opcode ID: 7eda9363c0260db01c175b5bc3c04a0f7f7d4fb7a3a9cef991e7068a16c3fa73
                                                                                                                                                                                                                                                                                                • Instruction ID: edf4b00c9bffa13c668a03a6cf42295add28e0ca9cfd412ae57986e760a73f58
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eda9363c0260db01c175b5bc3c04a0f7f7d4fb7a3a9cef991e7068a16c3fa73
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65E17F71D002199FEB18EBA8C9859FEB7B9FF15304F14412AE512E7681EB706E05CF62
                                                                                                                                                                                                                                                                                                Function 0089D0C3 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 155filesleepCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(00000000,80000000,00000005,00000000,00000003,00000080,00000000,CopyFileOrBufferToResource,?,00000030,008B49FB,?), ref: 0089D169
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D174
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089D18A
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D19C
                                                                                                                                                                                                                                                                                                • ReadFile.KERNEL32(000000FF,00000000,00000000,00000000,?,00000030,008B49FB,?), ref: 0089D1ED
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089D270
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 0089D289
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$File$CloseCreateHandleReadSleep
                                                                                                                                                                                                                                                                                                • String ID: CopyFileOrBufferToResource$W
                                                                                                                                                                                                                                                                                                • API String ID: 3717527711-2555685857
                                                                                                                                                                                                                                                                                                • Opcode ID: 188c74f105e8c3c10f5b1e66f6a540c52c6c8ebc503d4842a1592769cbab74c0
                                                                                                                                                                                                                                                                                                • Instruction ID: 48a87021d91898993d61902f4de5f2703dfa6740a44d1d8f4c37cf5f4796ae0b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 188c74f105e8c3c10f5b1e66f6a540c52c6c8ebc503d4842a1592769cbab74c0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DA514871D0431A9FDF20EFE8D944AAEBBB5FB44710F28421AE410F7290D770AA45DBA5
                                                                                                                                                                                                                                                                                                Function 008B4C95 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 87timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateWaitableTimerW.KERNEL32(00000000,00000001,00000000), ref: 008B4CC4
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B4CD0
                                                                                                                                                                                                                                                                                                • SetWaitableTimer.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,?,00000000,FFFFD8F0,000000FF), ref: 008B4CF8
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,FFFFD8F0,000000FF), ref: 008B4D02
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,?,00000000,FFFFD8F0,000000FF), ref: 008B4D36
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLastTimerWaitable$CloseCreateHandle
                                                                                                                                                                                                                                                                                                • String ID: ERR$Internet connection not available$WaitForInternetConnection
                                                                                                                                                                                                                                                                                                • API String ID: 2760849456-1940837237
                                                                                                                                                                                                                                                                                                • Opcode ID: bc25d49147ef6a538e5b4e8adf8675107b64f797fb15a60edd0e706221b3a1f0
                                                                                                                                                                                                                                                                                                • Instruction ID: 9bf8d4f497e3ebf324fd8298644e6eefdfbbfa5d8ffd94588fde8bcdf1522c62
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: bc25d49147ef6a538e5b4e8adf8675107b64f797fb15a60edd0e706221b3a1f0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A631717090521AEFEB10ABA8CC469FEBA78FF14754F584529E411F3392DB704E41DBA2
                                                                                                                                                                                                                                                                                                Function 008B199F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 86registrylibraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleW.KERNEL32(advapi32.dll), ref: 008B19AE
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008B19BE
                                                                                                                                                                                                                                                                                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 008B1A1D
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008B1A78
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressCloseDeleteHandleModuleProc
                                                                                                                                                                                                                                                                                                • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                                                                                                                                                • API String ID: 1060142889-4033151799
                                                                                                                                                                                                                                                                                                • Opcode ID: d9e7c57c4bf3dfe44092773d36c56dd397133d16cd4aa735ece4373bf9f6f530
                                                                                                                                                                                                                                                                                                • Instruction ID: b36e57d03d240fd031690423408eebe0363980fe8b48b83fe7385f99df70d489
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d9e7c57c4bf3dfe44092773d36c56dd397133d16cd4aa735ece4373bf9f6f530
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 84314871616254BFEB26CB54C86CFA67F7AFB44314F958198E0009B6B2C770EE40EB51
                                                                                                                                                                                                                                                                                                Function 008B1843 Relevance: 15.1, APIs: 10, Instructions: 108sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RemoveDirectoryW.KERNEL32(?,?,00000028,008AA9B5), ref: 008B18A1
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?,?,00000028,008AA9B5), ref: 008B18C8
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000028,008AA9B5), ref: 008B18D0
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000028,008AA9B5), ref: 008B18E9
                                                                                                                                                                                                                                                                                                • MoveFileW.KERNEL32(?,?), ref: 008B190D
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000028,008AA9B5), ref: 008B1915
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8,?,00000028,008AA9B5), ref: 008B192E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089FACF: GetFileAttributesW.KERNEL32(?,?,00000024,00896FB8,?,0091045C,?,?,?,EvaluateFileCondition,?,000000B8,?,?,?), ref: 0089FAEB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$ErrorLastSleep$AttributesDeleteDirectoryMoveRemove
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 852520878-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cd925818fa0b9bfb8cc84ee221aa00977d2e105519f332886be56ed880adbb10
                                                                                                                                                                                                                                                                                                • Instruction ID: 2d43de1ef368a5f8c11901645d47c7c6337319cbaa255cdb886b49f6eab95270
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cd925818fa0b9bfb8cc84ee221aa00977d2e105519f332886be56ed880adbb10
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52416B316142509FCF24AF69D8BCAA87F71FF02714FA48699E416DF3A2CB21DC46DA41
                                                                                                                                                                                                                                                                                                Function 008A64EE Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 314COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A6633
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A66FD
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 008A675D
                                                                                                                                                                                                                                                                                                • SysStringLen.OLEAUT32(?), ref: 008A6779
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A68EE
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: String$Free$ClearVariant
                                                                                                                                                                                                                                                                                                • String ID: AswUpdate_$DeleteAlreadyExecutedRestartJobs_2$W
                                                                                                                                                                                                                                                                                                • API String ID: 2097695375-3369918620
                                                                                                                                                                                                                                                                                                • Opcode ID: 7eef58ee49db8a5f71b2d29f3d47615fab3e2d5e4ade57c407d69bb1ba91243b
                                                                                                                                                                                                                                                                                                • Instruction ID: 952e9e84e0aa4b32109d1797f1069c6a6509042221590a02f519d57d41a5b17e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7eef58ee49db8a5f71b2d29f3d47615fab3e2d5e4ade57c407d69bb1ba91243b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94E1D370910629DFDB25DB68CC58BEABBB4FF4A305F1440E8E409AB260DB759E84CF51
                                                                                                                                                                                                                                                                                                Function 0089D963 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 137sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,000000F4,0088BA70), ref: 0089DA72
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(?), ref: 0089DB43
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0089DB4B
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0089DB64
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidCreate.RPCRT4(?), ref: 0089EBE8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidToStringW.RPCRT4(?,00000000), ref: 0089EC01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: GetTickCount.KERNEL32 ref: 0089EC1E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: RpcStringFreeW.RPCRT4(00000000), ref: 0089EC77
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringUuid$CloseCountCreateDeleteErrorFileFreeHandleLastSleepTick
                                                                                                                                                                                                                                                                                                • String ID: .xml$PrepareRemoteUpdateDescriptor$W$XML is not valid: "%hs" error:%u, file offset:%u
                                                                                                                                                                                                                                                                                                • API String ID: 3750466484-1065631488
                                                                                                                                                                                                                                                                                                • Opcode ID: 675cc965f05768a12e691000da4cb99c171c22815d2abf8fe8aeedd5e4be28ec
                                                                                                                                                                                                                                                                                                • Instruction ID: 9bc8515fe07df218708bd81219ad05512a37305f7f81c505306656c675a92edd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 675cc965f05768a12e691000da4cb99c171c22815d2abf8fe8aeedd5e4be28ec
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 05516A319042A9DEDF25EBA8CD45BADB770FF10314F0885EAE50AB7291DA704E84DF25
                                                                                                                                                                                                                                                                                                Function 0089F6AC Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 77registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?), ref: 0089F6DD
                                                                                                                                                                                                                                                                                                • WTSFreeMemory.WTSAPI32(00000000), ref: 0089F76B
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetCurrentThread.KERNEL32 ref: 008A18D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A18F3
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A18FF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: ImpersonateSelf.ADVAPI32(00000002), ref: 008A190A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A1914
                                                                                                                                                                                                                                                                                                • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 0089F70E
                                                                                                                                                                                                                                                                                                • ImpersonateLoggedOnUser.ADVAPI32(?), ref: 0089F71B
                                                                                                                                                                                                                                                                                                • RegOpenCurrentUser.ADVAPI32(000F003F,?), ref: 0089F72E
                                                                                                                                                                                                                                                                                                • RevertToSelf.ADVAPI32 ref: 0089F73F
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089F748
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: User$CurrentErrorImpersonateLastOpenSelfThreadToken$CloseEnumerateFreeHandleLoggedMemoryQueryRevertSessions
                                                                                                                                                                                                                                                                                                • String ID: SeTcbPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 1438319228-1502394177
                                                                                                                                                                                                                                                                                                • Opcode ID: 741d9169bade9028bc891ceeabde89e02d04e31cf325185edfe1fde72d724f97
                                                                                                                                                                                                                                                                                                • Instruction ID: 2b4a64883fd7ca1a31c2407ff1bbd5f436a97bc01f984cc5fff8cd93fc6074e0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 741d9169bade9028bc891ceeabde89e02d04e31cf325185edfe1fde72d724f97
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 94217A70A14259BFDF24AFE8DC88AAEBBB8FF04B00F288165E501E6151D7709E40DB61
                                                                                                                                                                                                                                                                                                Function 008A8A44 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 61registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?,UpdateLastAppliedPatch,?,00000030,008A8EA9), ref: 008A8A88
                                                                                                                                                                                                                                                                                                • WritePrivateProfileStringW.KERNEL32(Config,LastAppliedPatchId,?), ref: 008A8ACE
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,LastAppliedPatchId,00000000,00000004,00927460,00000004), ref: 008A8AEB
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000298,0088BA36), ref: 008A8AF7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpenPrivateProfileStringValueWrite
                                                                                                                                                                                                                                                                                                • String ID: Config$LastAppliedPatchId$Unable to open product registry key gle=%u$UpdateLastAppliedPatch
                                                                                                                                                                                                                                                                                                • API String ID: 3727668103-1593627930
                                                                                                                                                                                                                                                                                                • Opcode ID: 6cfda0d2a9d1a1990550f9a760f32622f50284bf2319e0a36a5e9ecde412ee7a
                                                                                                                                                                                                                                                                                                • Instruction ID: 8c7028dc42bf5445e713e34913832b553d4e6b254d7ca6885be0b8dc0d7ad178
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6cfda0d2a9d1a1990550f9a760f32622f50284bf2319e0a36a5e9ecde412ee7a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C213870E69219FFDB10ABA9EC46EDEBE78FB08724F408015F911F22A0DB705944DB65
                                                                                                                                                                                                                                                                                                Function 008DFF19 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 273COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008DFBBA: CreateFileW.KERNEL32(00000000,00000000,?,008DFFC2,?,?,00000000,?,008DFFC2,00000000,0000000C), ref: 008DFBD7
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008E002D
                                                                                                                                                                                                                                                                                                • GetFileType.KERNEL32(00000000), ref: 008E0040
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008E004A
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 008E0073
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 008E01C0
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008E01F2
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseFileHandle$CreateType
                                                                                                                                                                                                                                                                                                • String ID: H
                                                                                                                                                                                                                                                                                                • API String ID: 3086256261-2852464175
                                                                                                                                                                                                                                                                                                • Opcode ID: 45e076966aa2b15796bde21e8bae795a7aa4cef9995889c21d0af2d07920f927
                                                                                                                                                                                                                                                                                                • Instruction ID: 84a757f22599eb4bd3d548f8effed9bd5905cded5ce113a51901a461611ad1b5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 45e076966aa2b15796bde21e8bae795a7aa4cef9995889c21d0af2d07920f927
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 52A13632A141989FCF199F68DC55BAE3BA1FB07324F14025AF911DF392CB748942DB92
                                                                                                                                                                                                                                                                                                Function 008C1FC0 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 225fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 008C206B
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008C2079
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?), ref: 008C223B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateErrorFileHandleHeapLastProcess
                                                                                                                                                                                                                                                                                                • String ID: SCSIDISK$\\.\Scsi%u:
                                                                                                                                                                                                                                                                                                • API String ID: 3436858811-3530472383
                                                                                                                                                                                                                                                                                                • Opcode ID: e61e23b52846841333492fdb25cf01d2f66e593b8d13de149457f3353e637afd
                                                                                                                                                                                                                                                                                                • Instruction ID: df74d4e6c6531909a032af34774280dac5d35e18d534641faa601a12c6bcce46
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e61e23b52846841333492fdb25cf01d2f66e593b8d13de149457f3353e637afd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73917FB09042499FEB11DFA8C885B9EBBF4FF09314F148159E915EB382D775DA04CBA2
                                                                                                                                                                                                                                                                                                Function 008C4210 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 189COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,01348D3A), ref: 008C426A
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,00000000,?), ref: 008C430E
                                                                                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000004,00000000,?), ref: 008C4324
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000), ref: 008C4379
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 008C43BA
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,009216DC,Provided module is invalid or already unloaded), ref: 008C4438
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Provided module is invalid or already unloaded, xrefs: 008C4407
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$Leave$EnterFreeHandleLibraryModule
                                                                                                                                                                                                                                                                                                • String ID: Provided module is invalid or already unloaded
                                                                                                                                                                                                                                                                                                • API String ID: 2523167316-250373487
                                                                                                                                                                                                                                                                                                • Opcode ID: dda8e15f0b701caa07bebaefe54de2dabefa198051da4b8106d70e63e66a22f8
                                                                                                                                                                                                                                                                                                • Instruction ID: 9514e8770f916ed86a0d6dd1efe2688ee643c55a0e8f8bf5d8fed31e5f6f00b1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dda8e15f0b701caa07bebaefe54de2dabefa198051da4b8106d70e63e66a22f8
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 59617D75A10209DFCB01DFA8D884BADBBB9FF88314F15815AE805AB351DB34A945DF90
                                                                                                                                                                                                                                                                                                Function 0089E604 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 160COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,00000104,/emupdater,01348D3A), ref: 0089E753
                                                                                                                                                                                                                                                                                                • SetConsoleCtrlHandler.KERNEL32(0089E32B,00000000,01348D3A), ref: 0089E79F
                                                                                                                                                                                                                                                                                                • FreeConsole.KERNEL32 ref: 0089E7A5
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,01348D3A), ref: 0089E7B7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Console$CloseCtrlFileFreeHandleHandlerModuleName
                                                                                                                                                                                                                                                                                                • String ID: /debug$/debugdbgout$/emupdater
                                                                                                                                                                                                                                                                                                • API String ID: 1167891858-472114437
                                                                                                                                                                                                                                                                                                • Opcode ID: e01ed17b6d0b9ef209f9d58910775599cd7f19759e99731342a7c94e4ac6313c
                                                                                                                                                                                                                                                                                                • Instruction ID: b592fedff7c941ba3f891455829f50d120713c9fbf6ecf8ef97b2b2aa0a0caf2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e01ed17b6d0b9ef209f9d58910775599cd7f19759e99731342a7c94e4ac6313c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8061D530905289DFDF09FBA8CA99AEEBBB4FF50304F14845DE052A72D1DB746A05CB52
                                                                                                                                                                                                                                                                                                Function 008B3CAA Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 141sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidCreate.RPCRT4(?), ref: 0089EBE8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: UuidToStringW.RPCRT4(?,00000000), ref: 0089EC01
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: GetTickCount.KERNEL32 ref: 0089EC1E
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089EB87: RpcStringFreeW.RPCRT4(00000000), ref: 0089EC77
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 008B3D6B
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 008B3DB0
                                                                                                                                                                                                                                                                                                • DeleteFileW.KERNEL32(00000000,ApplyUpdate,00000000,00000024,008B3360,ApplyUpdates,00000000,00000010,0088BAAE), ref: 008B3E55
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3E5D
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 008B3E76
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089F8C8: CreateDirectoryW.KERNEL32(?,00000000,?,?,00000010,0089CD0E), ref: 0089F95C
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0089F8C8: GetLastError.KERNEL32(?,?,00000010,0089CD0E), ref: 0089F96A
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Update mver:%u file:%s has broken signature, xrefs: 008B3D94
                                                                                                                                                                                                                                                                                                • \update.xml, xrefs: 008B3CFA
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseCreateErrorHandleLastStringUuid$CountDeleteDirectoryFileFreeSleepTick
                                                                                                                                                                                                                                                                                                • String ID: Update mver:%u file:%s has broken signature$\update.xml
                                                                                                                                                                                                                                                                                                • API String ID: 2964415235-3226737248
                                                                                                                                                                                                                                                                                                • Opcode ID: 70fa955dec4828e5cfcf7098cacf939c781e2ae946fd965d4ac64e2b44b40a7b
                                                                                                                                                                                                                                                                                                • Instruction ID: 6dd534ca44dda4d80b28af7ff102c8b04a412c50890b732fdb0d5dbdb9ea4d41
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 70fa955dec4828e5cfcf7098cacf939c781e2ae946fd965d4ac64e2b44b40a7b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C0516B31D0525ADBDF24EBA8C94AAEEBB71FF04324F144259E021B72D1D7345E46CBA2
                                                                                                                                                                                                                                                                                                Function 008B0EC0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?,HandleVersions,?,00000024,008AA7EF), ref: 008B0F09
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,00000000,00000004,0092741C,00000004), ref: 008B0F56
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,00000000,00000004,00927420,00000004), ref: 008B0F93
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008B100B
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: HandleVersions$MicroUpdates$Unable to open product registry key gle=%u
                                                                                                                                                                                                                                                                                                • API String ID: 3241186055-263331911
                                                                                                                                                                                                                                                                                                • Opcode ID: eeb6002f168a7a764f31badd7dd01f56ac06777a351191701faaaf670268b47c
                                                                                                                                                                                                                                                                                                • Instruction ID: 1c2af8f87189b392c37dc397738333a93d8c4085c7fc55b67a367129c1d5f23f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: eeb6002f168a7a764f31badd7dd01f56ac06777a351191701faaaf670268b47c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37417971A04249EFDB21DFA8D885EAEBBB5FB88310F104019F554E73A0D730AA42DF61
                                                                                                                                                                                                                                                                                                Function 008A1631 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 104registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008A1665
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,EmUpdateVolatile,00000000,00020006,?), ref: 008A1687
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegCloseKey.ADVAPI32(00000000), ref: 008A071D
                                                                                                                                                                                                                                                                                                • RegDeleteValueW.ADVAPI32(?,PendingNotifications), ref: 008A1719
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A1731
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A173C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpen$DeleteValue
                                                                                                                                                                                                                                                                                                • String ID: EmUpdateVolatile$PendingNotifications
                                                                                                                                                                                                                                                                                                • API String ID: 3596760766-3320875912
                                                                                                                                                                                                                                                                                                • Opcode ID: da2f3bad3e0cbd74a83f78a27448ab566e36be5706a6d3baecbbbb5a8109148e
                                                                                                                                                                                                                                                                                                • Instruction ID: 347c87e9c1f1fbe9024e968868d9814454df6413b1f0fab28d394993774da12e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: da2f3bad3e0cbd74a83f78a27448ab566e36be5706a6d3baecbbbb5a8109148e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D31B079900209ABDF15EB99DC859AFBBBAFFC4354F148065E405A3224EB309E05DB50
                                                                                                                                                                                                                                                                                                Function 008C36B0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 90COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileSizeEx.KERNEL32(008C379C,?,?,FFFFFFFF,?,?,?,?,?,?,?,?,?,008C379C,?), ref: 008C36DA
                                                                                                                                                                                                                                                                                                • CreateFileMappingW.KERNEL32(008C379C,00000000,00000002,?,?,00000000,?,?,?,?,?,?,?,?,?,008C379C), ref: 008C36FF
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,008C379C,?,?,?,?,?), ref: 008C370F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(Unable to get file size!,?,?,?,?,?,?,?,?,?,008C379C,?,?,?,?,?), ref: 008C373E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(Unable to create file mapping!,?,009216DC,00000000,?,?,?,?,?,?,?,?,?,008C379C,?), ref: 008C3760
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to get file size!, xrefs: 008C3739
                                                                                                                                                                                                                                                                                                • Unable to create file mapping!, xrefs: 008C375B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorFileLast$CloseCreateHandleMappingSize
                                                                                                                                                                                                                                                                                                • String ID: Unable to create file mapping!$Unable to get file size!
                                                                                                                                                                                                                                                                                                • API String ID: 1040420615-1879323020
                                                                                                                                                                                                                                                                                                • Opcode ID: 628a48d506d46b0aced2923a873548aeea7e017162823ec9a253177014d560a9
                                                                                                                                                                                                                                                                                                • Instruction ID: 7398d65bcc95ebafeff26137eca88bb994b417c8f32e395f508d613b5b802504
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 628a48d506d46b0aced2923a873548aeea7e017162823ec9a253177014d560a9
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D321C8B2604208ABC724AF69DC4AFABBBBCFB44710F00862DF415D3251DB70EA4587A5
                                                                                                                                                                                                                                                                                                Function 0089FB0B Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetCurrentThread.KERNEL32 ref: 008A18D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A18F3
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A18FF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: ImpersonateSelf.ADVAPI32(00000002), ref: 008A190A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A1914
                                                                                                                                                                                                                                                                                                • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,?,?), ref: 0089FB49
                                                                                                                                                                                                                                                                                                • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 0089FB70
                                                                                                                                                                                                                                                                                                • DuplicateTokenEx.ADVAPI32(?,0000000C,00000000,00000002,00000002,?), ref: 0089FB9F
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089FBBC
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089FBC1
                                                                                                                                                                                                                                                                                                • WTSFreeMemory.WTSAPI32(00000000), ref: 0089FBCD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Token$CloseErrorHandleLastThread$CurrentDuplicateEnumerateFreeImpersonateMemoryOpenQuerySelfSessionsUser
                                                                                                                                                                                                                                                                                                • String ID: SeTcbPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 474629131-1502394177
                                                                                                                                                                                                                                                                                                • Opcode ID: 04a06248bd82bb7408c224e20e98d042ea63bf272dd49a479db9b4591dbae443
                                                                                                                                                                                                                                                                                                • Instruction ID: da290b5b817d069f84e3533ed929d291b29665fac6e50f2ae88a37d1075701a5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 04a06248bd82bb7408c224e20e98d042ea63bf272dd49a479db9b4591dbae443
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE319570A08209AFDF14AF54CC91F9EBBB9FF40314F184079E501E6292D7708E40DB61
                                                                                                                                                                                                                                                                                                Function 008B3EC7 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 74registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?,ReloadVersions,?,0000001C,008B38C7), ref: 008B3F0B
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008B3F15
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000), ref: 008B3F49
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,00000000,00000000,?,00000000), ref: 008B3F72
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008B3F8E
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • ReloadVersions, xrefs: 008B3ED9
                                                                                                                                                                                                                                                                                                • Cannot open product registry key, gle=%u, xrefs: 008B3F1C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: QueryValue$CloseErrorLastOpen
                                                                                                                                                                                                                                                                                                • String ID: Cannot open product registry key, gle=%u$ReloadVersions
                                                                                                                                                                                                                                                                                                • API String ID: 2240656346-606282052
                                                                                                                                                                                                                                                                                                • Opcode ID: 896e6c06c470920d66a165717ea30f0a15cd58740ef7468f587cfb453ae72fbf
                                                                                                                                                                                                                                                                                                • Instruction ID: fb772e886bb74c2d5cf3e986913e09cab20e02e59a3f38f89ff17259a09f84d2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 896e6c06c470920d66a165717ea30f0a15cd58740ef7468f587cfb453ae72fbf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97210471D1920AEFDB21DF95DC45DBEBFB9FB48310B10411AB511E2260EB305A42EBA1
                                                                                                                                                                                                                                                                                                Function 00888890 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 68registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe,00000000,00020119,?,0000003C,00888AA7), ref: 008888D7
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe,00000000,00020219,?), ref: 008888F5
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(00000000,Path,00000000,?,?,00000208), ref: 00888930
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 00888939
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open$CloseQueryValue
                                                                                                                                                                                                                                                                                                • String ID: C:\Program Files\CCleaner$Path$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccleaner.exe
                                                                                                                                                                                                                                                                                                • API String ID: 3546245721-2256143087
                                                                                                                                                                                                                                                                                                • Opcode ID: 6a68b20e802ccb82f93cfe7386548e0cac80cb46a084d7e8ceb98b7dff5e70f1
                                                                                                                                                                                                                                                                                                • Instruction ID: d9b26ab593140315245f04cc32a4216237e1ca483ead9e28efdee86f3dc553aa
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a68b20e802ccb82f93cfe7386548e0cac80cb46a084d7e8ceb98b7dff5e70f1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF2105B0D01208FEEB05EFE8DD89AEDBA78FB08704F548419F114B6192DBB05A49DB21
                                                                                                                                                                                                                                                                                                Function 0089EFBE Relevance: 10.9, APIs: 4, Strings: 2, Instructions: 420COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExpandEnvironmentStringsW.KERNEL32(?,00000000,00000000), ref: 0089F1A1
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,00000000,00000000), ref: 0089F1B1
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: EnvironmentErrorExpandLastStrings
                                                                                                                                                                                                                                                                                                • String ID: [cabdir:${cabdir:
                                                                                                                                                                                                                                                                                                • API String ID: 4064601616-2395424952
                                                                                                                                                                                                                                                                                                • Opcode ID: 305424defb35f339a7e74a2ba443447d6d829cca5f9627da53d0ea5dece28a33
                                                                                                                                                                                                                                                                                                • Instruction ID: bf47ec8f15fadda88fe6a2813c3b813295e3bddd0a1eb4ac686e484f48a8f876
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 305424defb35f339a7e74a2ba443447d6d829cca5f9627da53d0ea5dece28a33
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 39128D7090426DCADF29EB68C945BECBBB0FF15308F1441D9E159AB292DBB01E88DF51
                                                                                                                                                                                                                                                                                                Function 00896957 Relevance: 10.7, APIs: 7, Instructions: 223COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000238,000000FF,00000000,00000104,00000000,00000000,?,00000011,?,00000011,?,?,0000002C,008B3BA4), ref: 00896ABA
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0000002C,008B3BA4,?,?,ApplyCabUpdate,?,00000238,008B3E3B,?,00000000,00000010,0088BAAE), ref: 00896AC6
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,008B3E3B,000000FF,00000000,00000104,00000000,00000000,00000000,?,?,0000002C,008B3BA4,?,?,ApplyCabUpdate), ref: 00896B0B
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,0000002C,008B3BA4,?,?,ApplyCabUpdate,?,00000238,008B3E3B,?,00000000,00000010,0088BAAE), ref: 00896B11
                                                                                                                                                                                                                                                                                                • #20.CABINET(Function_000166C0,Function_000166D0,008966D5,Function_000167AD,Function_000167D9,Function_00016805,Function_0001681A,000000FF,?,00000000,?,?,0000002C,008B3BA4), ref: 00896B59
                                                                                                                                                                                                                                                                                                • #22.CABINET(00000000,00000000,?,00000000,00896830,00000000,0088BAAE,?,?,?,?,?,?,?,008B3E3B), ref: 00896B7F
                                                                                                                                                                                                                                                                                                • #23.CABINET(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B3E3B), ref: 00896B90
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharErrorLastMultiWide
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 203985260-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c66a0f6a2b1be898fda14be3e211db807c42e0cbf45347d2af9d9c7f8db2a79d
                                                                                                                                                                                                                                                                                                • Instruction ID: 111e8996ec43d975887d67f01b89f9bc86232a304b3c12cce222520ab2d93dce
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c66a0f6a2b1be898fda14be3e211db807c42e0cbf45347d2af9d9c7f8db2a79d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EF819E71900159AAEF08FBA8CD96EEDB7B4FF14314F184159F112F72D2EA616E14CB22
                                                                                                                                                                                                                                                                                                Function 008A02AD Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008A02FE
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 008A0350
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000007,00000000,?), ref: 008A039B
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,?,00000000,00000007,00000000,?), ref: 008A0429
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A043F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to open product registry key gle=%u, xrefs: 008A030B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$Query$CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: Unable to open product registry key gle=%u
                                                                                                                                                                                                                                                                                                • API String ID: 97533537-2589650119
                                                                                                                                                                                                                                                                                                • Opcode ID: 921013dce28397a0d220d8df69c67e2e16b7b5559deade0bdb99d792893f45ef
                                                                                                                                                                                                                                                                                                • Instruction ID: 3b5a4f9af2de8858f5efbe69f34d64cb8ec48951c0644992d320e4987aa187dd
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 921013dce28397a0d220d8df69c67e2e16b7b5559deade0bdb99d792893f45ef
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D6518071905219AFEF24DBA8DC41ABFBBB8FF49718B148069E905E7211E6309E00DB91
                                                                                                                                                                                                                                                                                                Function 008A11A1 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 165registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008A11EB
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,PendingFileDeleteOperations,00000000,?,00000000,?), ref: 008A121E
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,PendingFileDeleteOperations,00000000,00000007,00000000,?), ref: 008A126C
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,PendingFileDeleteOperations,00000000,00000007,00000000,?), ref: 008A131D
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A1339
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$Query$CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: PendingFileDeleteOperations
                                                                                                                                                                                                                                                                                                • API String ID: 97533537-1189029018
                                                                                                                                                                                                                                                                                                • Opcode ID: 2f48f6e4adbcaf95841df13d23cf1054c0108323618ee9bb160bc81da68a3bfa
                                                                                                                                                                                                                                                                                                • Instruction ID: 0b6605a68b7122debee5dc85962a5165c4ee55687aedc6e1d1c42544ee01434b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2f48f6e4adbcaf95841df13d23cf1054c0108323618ee9bb160bc81da68a3bfa
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8F519EB6A00209AFEF14DFA8DC45ABEB7B9FF85314F158069E805E7B10E630DE019B50
                                                                                                                                                                                                                                                                                                Function 008971BD Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 157registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,00000000,?,?,?,0089AB3E,?,00000000,?,?,?,?,?,?,00000074,00000000), ref: 00897306
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,0088BA70,00000000,00020019,00000000,00000000,?,?,?,0089AB3E,?,00000000), ref: 00897356
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000,?,?,?,0089AB3E,?,00000000,?,?,?,?,?,?,00000074,00000000,?), ref: 0089736F
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Close$Open
                                                                                                                                                                                                                                                                                                • String ID: (32)$(64)$EvaluateRegistryCondition
                                                                                                                                                                                                                                                                                                • API String ID: 2976201327-3594427413
                                                                                                                                                                                                                                                                                                • Opcode ID: 80aea3c36fdca9d3b0592a444bb48037bf1b52f02bc17fedf3a806b9e82ccc33
                                                                                                                                                                                                                                                                                                • Instruction ID: d7846b45157c7dd16134ca0f20978e7ee753b3040c132a8567ae0d15f9fa43a3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 80aea3c36fdca9d3b0592a444bb48037bf1b52f02bc17fedf3a806b9e82ccc33
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5551BE71D242599BDF15EBE8C9416EEBBB4FF58314F284059E942F7282E7700E40DBA2
                                                                                                                                                                                                                                                                                                Function 00898110 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 135timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemTime.KERNEL32(00000074,0000005C,0089ABB7,?), ref: 008981E8
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(0088BA70,?), ref: 008981FC
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00898202
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(00000074,?), ref: 00898215
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$System$File$ErrorLast
                                                                                                                                                                                                                                                                                                • String ID: EvaluateTimeSpanCondition$W
                                                                                                                                                                                                                                                                                                • API String ID: 1447521505-790226147
                                                                                                                                                                                                                                                                                                • Opcode ID: c858a2bb1f82027f540547b93a52a689bcc57a567930f46408c9b9635a31d581
                                                                                                                                                                                                                                                                                                • Instruction ID: 7809b6d21a04a46de2ff55419544b89b97836b0b335035979023780925ad9133
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c858a2bb1f82027f540547b93a52a689bcc57a567930f46408c9b9635a31d581
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2241F8B2D0460DEFDF11EBE4DD849EEBBB9FB49314F18052AE501E7150DB30AA498B61
                                                                                                                                                                                                                                                                                                Function 008C3860 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 133fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,01348D3A,008C379C,?,00000000,?,?,?,00000000,00901AC0,000000FF), ref: 008C38D5
                                                                                                                                                                                                                                                                                                • MapViewOfFile.KERNEL32(?,00000000,00000000,00000000,00000000,01348D3A,008C379C,?,00000000,?,?,?,00000000,00901AC0,000000FF), ref: 008C3902
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(Unable to create mapping view!,?,009216DC,Unable to map a view of uninitialized mapping!,01348D3A,008C379C,?,00000000,?,?,?,00000000,00901AC0,000000FF,?,008C37A6), ref: 008C3955
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to create mapping view!, xrefs: 008C3950
                                                                                                                                                                                                                                                                                                • Unable to map a view of uninitialized mapping!, xrefs: 008C3935
                                                                                                                                                                                                                                                                                                • Unable to map a view outside of the file mapping!, xrefs: 008C392C
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileView$ErrorLastUnmap
                                                                                                                                                                                                                                                                                                • String ID: Unable to create mapping view!$Unable to map a view of uninitialized mapping!$Unable to map a view outside of the file mapping!
                                                                                                                                                                                                                                                                                                • API String ID: 2514763941-1948104343
                                                                                                                                                                                                                                                                                                • Opcode ID: efb5fbf471c2896380190e7cd0e9a13e2122f3153db9c8ba0095bf2d7cf8a2ea
                                                                                                                                                                                                                                                                                                • Instruction ID: 00d62d0d862381b2e9757e3ead92f1b5b56698c64511fd0bc30c49b13197b570
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: efb5fbf471c2896380190e7cd0e9a13e2122f3153db9c8ba0095bf2d7cf8a2ea
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6341B2716047089FCB10DB69D845FAFBBB9FF89714F14861EE442E3290DB70EA458BA0
                                                                                                                                                                                                                                                                                                Function 008B1028 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 105COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetCurrentThread.KERNEL32 ref: 008A18D8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: OpenThreadToken.ADVAPI32(00000000,00000020,00000001,00000000), ref: 008A18F3
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A18FF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: ImpersonateSelf.ADVAPI32(00000002), ref: 008A190A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A18BA: GetLastError.KERNEL32 ref: 008A1914
                                                                                                                                                                                                                                                                                                • WTSEnumerateSessionsW.WTSAPI32(00000000,00000000,00000001,00000000,?,HandleExecutes,?,00000020,008AA7A1), ref: 008B109E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 008B10E7
                                                                                                                                                                                                                                                                                                • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 008B10C2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A1989: CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008A1A2A
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A1989: GetLastError.KERNEL32(?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1A75
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A1989: DestroyEnvironmentBlock.USERENV(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1AE5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A1989: CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1AFA
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A1989: CloseHandle.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000008,00000000,00000000,?,?), ref: 008A1B05
                                                                                                                                                                                                                                                                                                • WTSFreeMemory.WTSAPI32(00000000), ref: 008B1106
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseErrorHandleLast$ThreadToken$BlockCreateCurrentDestroyEnumerateEnvironmentFreeImpersonateMemoryOpenProcessQuerySelfSessionsUser
                                                                                                                                                                                                                                                                                                • String ID: HandleExecutes$SeTcbPrivilege
                                                                                                                                                                                                                                                                                                • API String ID: 488686288-3104995575
                                                                                                                                                                                                                                                                                                • Opcode ID: e0a6d2391892c93288713816976f0c4c9ff294f5755ae6a271ec98a45d00f370
                                                                                                                                                                                                                                                                                                • Instruction ID: fbc7a9a28b87563f9c38b82091eb8ccaa7ac9de3c75f94e35e72a9feae42a89e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e0a6d2391892c93288713816976f0c4c9ff294f5755ae6a271ec98a45d00f370
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C841C030A0464A9FDF21DF98C899AEFBBB9FF44300F844519E451EB291D770AA85CB61
                                                                                                                                                                                                                                                                                                Function 0089EB87 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 103COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • UuidCreate.RPCRT4(?), ref: 0089EBE8
                                                                                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(?,00000000), ref: 0089EC01
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0089EC1E
                                                                                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(00000000), ref: 0089EC77
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringUuid$CountCreateFreeTick
                                                                                                                                                                                                                                                                                                • String ID: %I64d$MakeTemporaryFileName
                                                                                                                                                                                                                                                                                                • API String ID: 1917887342-1134303861
                                                                                                                                                                                                                                                                                                • Opcode ID: 839f57ae4d1c3ea1f9ec962422af9bd14c65c64e5ae0b1fae793a0aa289bbb5b
                                                                                                                                                                                                                                                                                                • Instruction ID: 1b268967348655b2f1bbaadd150d7797a0dc2f8905601ec163c4337f8b1c09ed
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 839f57ae4d1c3ea1f9ec962422af9bd14c65c64e5ae0b1fae793a0aa289bbb5b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B0316E71E14248ABDF14FBE8CC8AB9EBBB8FF44304F084429B105EB191DB789904DB52
                                                                                                                                                                                                                                                                                                Function 0089FC7B Relevance: 10.6, APIs: 7, Instructions: 90memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetCurrentProcess.KERNEL32(00000008,?), ref: 0089FCA9
                                                                                                                                                                                                                                                                                                • OpenProcessToken.ADVAPI32(00000000), ref: 0089FCB0
                                                                                                                                                                                                                                                                                                • AllocateAndInitializeSid.ADVAPI32(?,00000001,00000012,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 0089FCD0
                                                                                                                                                                                                                                                                                                • GetTokenInformation.ADVAPI32(?,00000001(TokenIntegrityLevel),00000000,?,?), ref: 0089FCFC
                                                                                                                                                                                                                                                                                                • EqualSid.ADVAPI32(00000000,?), ref: 0089FD0B
                                                                                                                                                                                                                                                                                                • FreeSid.ADVAPI32(?), ref: 0089FD29
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(?), ref: 0089FD3A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ProcessToken$AllocateCloseCurrentEqualFreeHandleInformationInitializeOpen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3347031116-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 862c29f6468ec2605ed14dfe57ed8ffb1a292ccf577a12743bfa9d74d3e907a2
                                                                                                                                                                                                                                                                                                • Instruction ID: 84b7eac5673ecee335dcc9e1e6233b749de891cf4696bfab7cd29dd860f664eb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 862c29f6468ec2605ed14dfe57ed8ffb1a292ccf577a12743bfa9d74d3e907a2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8216B71A11219AFEF109FA5DC89ABFBBBCFF04710F144429EA01E2151D7318A00DBA0
                                                                                                                                                                                                                                                                                                Function 0089EA93 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • UuidCreate.RPCRT4(?), ref: 0089EAE5
                                                                                                                                                                                                                                                                                                • UuidToStringW.RPCRT4(?,00000000), ref: 0089EB00
                                                                                                                                                                                                                                                                                                • GetTickCount.KERNEL32 ref: 0089EB1A
                                                                                                                                                                                                                                                                                                • RpcStringFreeW.RPCRT4(00000000), ref: 0089EB62
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringUuid$CountCreateFreeTick
                                                                                                                                                                                                                                                                                                • String ID: %I64d$MakeUniqueName
                                                                                                                                                                                                                                                                                                • API String ID: 1917887342-3009957671
                                                                                                                                                                                                                                                                                                • Opcode ID: 828d002ab3f8622b48444fc2c5efe95485695d9390bec4b3f72e3c15a5444f14
                                                                                                                                                                                                                                                                                                • Instruction ID: 4234f519efba826af5ef216edea6b95f33392716c1dafaba1bdfddf83d07096e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 828d002ab3f8622b48444fc2c5efe95485695d9390bec4b3f72e3c15a5444f14
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 43215271E04248ABDF14EBE8CD45BAEB7B8FB44711F184029E106FB185DB789A089752
                                                                                                                                                                                                                                                                                                Function 008F0BA6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00000800,00000000,?,?,01348D3A,?,008F0CB3,00000008,008C4AAA,?,00000000), ref: 008F0C67
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-537541572
                                                                                                                                                                                                                                                                                                • Opcode ID: 692df6345b2bc952ef188ca1c8899b66735c32559676f196435c2a737d57217a
                                                                                                                                                                                                                                                                                                • Instruction ID: 7ddb7ebfe0fc27a43415e3b696160223d0601b1f1cbfad9fc40b6d24be680de6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 692df6345b2bc952ef188ca1c8899b66735c32559676f196435c2a737d57217a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1212732E55218AFDB318B359C80A7A7768FB51774F214220EE15E7292DB30EE00EED0
                                                                                                                                                                                                                                                                                                Function 008A40CB Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 302timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,RegisterJob_1,?,RegisterJob_1,?), ref: 008A41CC
                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 008A42E0
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 008A4304
                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 008A4350
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$File$System$LocalModuleName
                                                                                                                                                                                                                                                                                                • String ID: RegisterJob_1
                                                                                                                                                                                                                                                                                                • API String ID: 3034374165-2864063745
                                                                                                                                                                                                                                                                                                • Opcode ID: 0a35c3b2205dccec8d662ef88762e6d1e96bfd148cf96db0e348c7d58066bfcb
                                                                                                                                                                                                                                                                                                • Instruction ID: 2fac0bad43121ccd3d14019fd068aafa5d294ab2b4aa010cb223305e095f1795
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a35c3b2205dccec8d662ef88762e6d1e96bfd148cf96db0e348c7d58066bfcb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FDD106B4A142299FEB25DB64CC48BA9B7B8FF89305F0081D9E509E7251EB749F84CF11
                                                                                                                                                                                                                                                                                                Function 008A2BFD Relevance: 9.0, APIs: 6, Instructions: 44fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(?,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C18
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(008B3E3B,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C2C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000000,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C37
                                                                                                                                                                                                                                                                                                • UnmapViewOfFile.KERNEL32(00000000,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C3E
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(00000238,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C4C
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(0088BAAE,0091CAB0,00000054,008AC819,?,00000238,000000E8,000000E8,dst_md5,000000E8,src,000000E8,srcurl), ref: 008A2C57
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseHandle$FileUnmapView
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 260491571-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ac6c3190b4b2a54afc6471c8d84732de5a76d3a7c594f63dc93156893ff07741
                                                                                                                                                                                                                                                                                                • Instruction ID: 5ff00380e0cf34dbd4f8b1dc837f49fbd087909a8a4942aa8f119c3f93f8de49
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ac6c3190b4b2a54afc6471c8d84732de5a76d3a7c594f63dc93156893ff07741
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 09011A75E042099BDF20DBADDE4499EB3BDFF49330B104615E821F32A0D734ED018A60
                                                                                                                                                                                                                                                                                                Function 008A5F69 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 261COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 008A5FDF
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A6020
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: SysAllocString.OLEAUT32(00000000), ref: 008A85B6
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: VariantClear.OLEAUT32 ref: 008A85F0
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A6058
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A6209
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringVariant$ClearFree$AllocInit
                                                                                                                                                                                                                                                                                                • String ID: CheckJob_2
                                                                                                                                                                                                                                                                                                • API String ID: 1861853653-4269496511
                                                                                                                                                                                                                                                                                                • Opcode ID: e71ca980e59a400e8962b4636b7250489d38073e217e2d3954a0ea6d79c0f8de
                                                                                                                                                                                                                                                                                                • Instruction ID: 79aed6bd700b379a2ef195249e2d2d0c889e821e2ddb99bcd28a253eadd77b3f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e71ca980e59a400e8962b4636b7250489d38073e217e2d3954a0ea6d79c0f8de
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9FB10770E11219EFEF14DFA8C884AEEBBB5FF49304F184069E501E7251E7359A45CBA1
                                                                                                                                                                                                                                                                                                Function 008A22B1 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 194COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 008A252B
                                                                                                                                                                                                                                                                                                • GetFileAttributesExW.KERNEL32(?,00000000,?), ref: 008A2541
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: File$AttributesModuleName
                                                                                                                                                                                                                                                                                                • String ID: ERR$country":"$https://ip-info.ff.avast.com/v2/info
                                                                                                                                                                                                                                                                                                • API String ID: 3022333737-1930018806
                                                                                                                                                                                                                                                                                                • Opcode ID: 3bb514e69ee730c1112ec444479eaa0d33ec78beaa108c027156f886e65ca5dd
                                                                                                                                                                                                                                                                                                • Instruction ID: cfd285c95e1158465eb74fe7476da3870fb06b42696cf4e9da2ad57ce2f9cd99
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3bb514e69ee730c1112ec444479eaa0d33ec78beaa108c027156f886e65ca5dd
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97718C71A012189BEB28EB6CCD46BEDB7B4FB05304F1041D9E609E7691DB749E84CF62
                                                                                                                                                                                                                                                                                                Function 0089F8C8 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 170COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000010,0089CD0E), ref: 0089F95C
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000010,0089CD0E), ref: 0089F96A
                                                                                                                                                                                                                                                                                                • CreateDirectoryW.KERNEL32(?,00000000,?,00000000,0000005C,00000001,?,?,00000010,0089CD0E), ref: 0089FA7A
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,00000010,0089CD0E), ref: 0089FA84
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                                                                                                                                • String ID: \\?\%s
                                                                                                                                                                                                                                                                                                • API String ID: 1375471231-3682370727
                                                                                                                                                                                                                                                                                                • Opcode ID: 345a99e5f72ad01a9e0891d22be5e2363d7630667da4eb125cf8b059c0a86ae2
                                                                                                                                                                                                                                                                                                • Instruction ID: 22f277afad8a52a49c57f66087ddc36211f9d53842ee6e2be3add15a408807de
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 345a99e5f72ad01a9e0891d22be5e2363d7630667da4eb125cf8b059c0a86ae2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2A51603190016A9EDF18FBA8CC85AFEB7B4FF10318F144629E522E71D2EA705E05CB52
                                                                                                                                                                                                                                                                                                Function 008A0E2B Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 142registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(80000002,SYSTEM\CurrentControlSet\Control\Session Manager,00000000,00020019,00000000,PendingFileRenameOperations2,PendingFileRenameOperations,00000024,008A1039,0092746C,?,00927474,?,009273FC,0089C9C6,Geo: %s), ref: 008A0E78
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A0FBE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegCloseKey.ADVAPI32(00000000), ref: 008A071D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • PendingFileRenameOperations, xrefs: 008A0E40
                                                                                                                                                                                                                                                                                                • SYSTEM\CurrentControlSet\Control\Session Manager, xrefs: 008A0E6E
                                                                                                                                                                                                                                                                                                • PendingFileRenameOperations2, xrefs: 008A0E53
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: PendingFileRenameOperations$PendingFileRenameOperations2$SYSTEM\CurrentControlSet\Control\Session Manager
                                                                                                                                                                                                                                                                                                • API String ID: 47109696-2115312317
                                                                                                                                                                                                                                                                                                • Opcode ID: b171659d2e007c74536abd78170ebd8752aee43c37ef37364d21edf31a10b345
                                                                                                                                                                                                                                                                                                • Instruction ID: c0c160a03f5c3be8fe94f2c7bda873ef800a9e2df4fcc57c9d4922e9c4637fca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b171659d2e007c74536abd78170ebd8752aee43c37ef37364d21edf31a10b345
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF517C7190020A9FEF14EBA8C986AFEB374FF55308F144159E512B72C1EB746A49CB62
                                                                                                                                                                                                                                                                                                Function 008A3F51 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 133COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VariantInit.OLEAUT32(?), ref: 008A3FB2
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A3FF5
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: SysAllocString.OLEAUT32(00000000), ref: 008A85B6
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: VariantClear.OLEAUT32 ref: 008A85F0
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A4029
                                                                                                                                                                                                                                                                                                • VariantClear.OLEAUT32(?), ref: 008A40A5
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: StringVariant$ClearFree$AllocInit
                                                                                                                                                                                                                                                                                                • String ID: StartJob_2
                                                                                                                                                                                                                                                                                                • API String ID: 1861853653-608322044
                                                                                                                                                                                                                                                                                                • Opcode ID: a520ec5e6b20318711d19cf13fb8e0fa06b433107a55f02d6ea8ff00e7407133
                                                                                                                                                                                                                                                                                                • Instruction ID: cd823972e2241f9cd101995d5085172bfb447d6044489bad987865357ec911e1
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a520ec5e6b20318711d19cf13fb8e0fa06b433107a55f02d6ea8ff00e7407133
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EA510330D016199FDF05DBA8C949AEEBBB4FF49300F548058E511BB261C7B56E04DBA2
                                                                                                                                                                                                                                                                                                Function 0089E875 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 74memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • AttachConsole.KERNEL32(000000FF), ref: 0089E8AE
                                                                                                                                                                                                                                                                                                • AllocConsole.KERNEL32 ref: 0089E8B8
                                                                                                                                                                                                                                                                                                • SetConsoleCtrlHandler.KERNEL32(0089E32B,00000001), ref: 0089E911
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Console$AllocAttachCtrlHandler
                                                                                                                                                                                                                                                                                                • String ID: CONIN$$CONOUT$
                                                                                                                                                                                                                                                                                                • API String ID: 2170783835-123850019
                                                                                                                                                                                                                                                                                                • Opcode ID: 0b65382f019c4ec9fc77121e11b00a36de4ece0f9e866d17e2005b5570a7fed1
                                                                                                                                                                                                                                                                                                • Instruction ID: 20d6e4c397915ffe327038687dc4b42d30135b8deea6dfe22490b21a9e28a6a0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0b65382f019c4ec9fc77121e11b00a36de4ece0f9e866d17e2005b5570a7fed1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A921087021D284AAEF20FBB9BC4AB697FD8FB41B18F0C8015FC04E52D1C6619881A666
                                                                                                                                                                                                                                                                                                Function 008ED1BA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,01348D3A,00000000,?,00000000,00901390,000000FF,?,008ED14A,?,?,008ED11E,00000000), ref: 008ED1EF
                                                                                                                                                                                                                                                                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008ED201
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNEL32(00000000,?,00000000,00901390,000000FF,?,008ED14A,?,?,008ED11E,00000000), ref: 008ED223
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                • Opcode ID: 9a907f62ba42354df9afaa33de991bc6cfa13fd3693b36f8168ad0f5bc9a0400
                                                                                                                                                                                                                                                                                                • Instruction ID: 88fa85338de0283b857976baf3b08f699a853bceb4db07343a2b5a4691a92bf9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a907f62ba42354df9afaa33de991bc6cfa13fd3693b36f8168ad0f5bc9a0400
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4D01D631958755EFDB118F54DC09FAEBBBCFB48B15F048625F822E26E0DB749A04DA80
                                                                                                                                                                                                                                                                                                Function 008E09C2 Relevance: 7.8, APIs: 5, Instructions: 298COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                                                                                                • Opcode ID: d143ce0b3d6bea6794a21528cc83f204a39de9b5ae0d11abafcbeca41541d57c
                                                                                                                                                                                                                                                                                                • Instruction ID: bc0e511a3d28d0006e21ffd62e5942b7c59647975a5519c453aef7fc0a8b93e6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d143ce0b3d6bea6794a21528cc83f204a39de9b5ae0d11abafcbeca41541d57c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 69B1B370A04289EFDB11DFAAC880BAD7BB5FF46304F644659E514DB292CBB09D81CF61
                                                                                                                                                                                                                                                                                                Function 008A21D1 Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.VERSION(?,?), ref: 008A2208
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 008A2215
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorFileInfoLastSizeVersion
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 752140088-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d1965d01f96889f782b7430c736990dcfa8ffb0d9dfba8b53549c6db84774b07
                                                                                                                                                                                                                                                                                                • Instruction ID: 91a3eddc01f23b8401cf6d60a0cc3657de92d8aa54202d8d32176785c8705946
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d1965d01f96889f782b7430c736990dcfa8ffb0d9dfba8b53549c6db84774b07
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4921F779904219AEEB209F99D844AAFF77CFF4A754B10819AE805E3600E7308941D7A1
                                                                                                                                                                                                                                                                                                Function 008D3712 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00925644,0092626C,?,0088A9FE,0092626C,0090212A,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D371C
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00925644,?,0088A9FE,0092626C,0090212A,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D374F
                                                                                                                                                                                                                                                                                                • RtlWakeAllConditionVariable.NTDLL ref: 008D37C6
                                                                                                                                                                                                                                                                                                • SetEvent.KERNEL32(?,0092626C,0090212A,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D37D0
                                                                                                                                                                                                                                                                                                • ResetEvent.KERNEL32(?,0092626C,0090212A,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D37DC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalEventSection$ConditionEnterLeaveResetVariableWake
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3916383385-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5ee79f48d21db11ac56d89ab928239c2a7144159c0d1f8d39194d03ddb3f1067
                                                                                                                                                                                                                                                                                                • Instruction ID: 253a574aade119ae66bef4816e70a0afa38f3c297b47bb73159d0c35e2a66172
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ee79f48d21db11ac56d89ab928239c2a7144159c0d1f8d39194d03ddb3f1067
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2E014F7153D924EFC765AF18FC489987BA9FB09721742807AFA0687330CB305D42EB94
                                                                                                                                                                                                                                                                                                Function 008A69BF Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 275COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: AswUpdate_$RegisterRestartJob_1$W
                                                                                                                                                                                                                                                                                                • API String ID: 0-166124985
                                                                                                                                                                                                                                                                                                • Opcode ID: edbdb26b0fa4afc9e0bceaa18972595f804ff4fb8bedc765904119bc9e975c18
                                                                                                                                                                                                                                                                                                • Instruction ID: 964fb457bf478a52a372d4d744d8c9956781222739d841fe3df3c0f532a37f2f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: edbdb26b0fa4afc9e0bceaa18972595f804ff4fb8bedc765904119bc9e975c18
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C7C1F670A00669DFEB25DF64CC48BDABBB4FF4A304F0440E9A409EB251EB719A85CF51
                                                                                                                                                                                                                                                                                                Function 008A5193 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 224timeCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetLocalTime.KERNEL32(?), ref: 008A5364
                                                                                                                                                                                                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 008A5375
                                                                                                                                                                                                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?), ref: 008A53A7
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • PrepareOnceTriggerAfter_1, xrefs: 008A51C1
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Time$FileSystem$Local
                                                                                                                                                                                                                                                                                                • String ID: PrepareOnceTriggerAfter_1
                                                                                                                                                                                                                                                                                                • API String ID: 3656602493-1411511048
                                                                                                                                                                                                                                                                                                • Opcode ID: 918a8b60dc6d241e029f4bc147888928f4c02462491647f1d71c78a3564c03bb
                                                                                                                                                                                                                                                                                                • Instruction ID: 7f6e3d779b230b185654e06c08297e30e84112aa4a13d7597bd43935f715b013
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 918a8b60dc6d241e029f4bc147888928f4c02462491647f1d71c78a3564c03bb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7F910271A006299FEB24DBA4CC44BEAB7B8FF49301F1041E9A509EA650DB319E85CF54
                                                                                                                                                                                                                                                                                                Function 008A0729 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 205COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000104), ref: 008A082E
                                                                                                                                                                                                                                                                                                • GetLongPathNameW.KERNEL32(?,00000000,00000104), ref: 008A0860
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LongNamePath
                                                                                                                                                                                                                                                                                                • String ID: \??\
                                                                                                                                                                                                                                                                                                • API String ID: 82841172-3047946824
                                                                                                                                                                                                                                                                                                • Opcode ID: 83da95a062ba785dc9dd4dbb3d3ae9a298732c079b1da724305b9ca25d163de3
                                                                                                                                                                                                                                                                                                • Instruction ID: 72e1f3b50a96cf4beb0ac74d5aea0cd94f03ed1aadfe75d6a5ee5081c57c6214
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 83da95a062ba785dc9dd4dbb3d3ae9a298732c079b1da724305b9ca25d163de3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 8771D030A00259ABDF18F7A8C956AFEB769FF41304F144468E512EB2C2DA745E09DB63
                                                                                                                                                                                                                                                                                                Function 008A625A Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 183COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeTask
                                                                                                                                                                                                                                                                                                • String ID: AswUpdate_$DeleteAlreadyExecutedRestartJobs_1$W
                                                                                                                                                                                                                                                                                                • API String ID: 734271698-3399114437
                                                                                                                                                                                                                                                                                                • Opcode ID: b1d078f77297c5c39b6c53a64f54fd6eceb83e3b300e86b202c327a62dda54c3
                                                                                                                                                                                                                                                                                                • Instruction ID: 5abe77eeefc11416703a798b1ee3f0266a0579685e6240ffe7fe39677f27d3bc
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b1d078f77297c5c39b6c53a64f54fd6eceb83e3b300e86b202c327a62dda54c3
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2571E7B0901619DFDB25DF64CC84ADAB7B4FF8A305F0441E9A409EB261EB319E84CF51
                                                                                                                                                                                                                                                                                                Function 008A1042 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 104registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?,00927550,?), ref: 008A1095
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A114D
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegCloseKey.ADVAPI32(00000000), ref: 008A071D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: %u = %I64u $MicroUpdates
                                                                                                                                                                                                                                                                                                • API String ID: 47109696-560812111
                                                                                                                                                                                                                                                                                                • Opcode ID: dc68981ffb38838b40ea4f17741008fd67338f9c80becb1c9acda4dda0753e38
                                                                                                                                                                                                                                                                                                • Instruction ID: 059b17ea1538666dd9ee25bbfcd9a6de900f46ed5d504769e84a7687ba29b228
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dc68981ffb38838b40ea4f17741008fd67338f9c80becb1c9acda4dda0753e38
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04317C76D04219EFDF20DF99DC849EAF7B9FB54304B14442AE905F3610E730AA46CB90
                                                                                                                                                                                                                                                                                                Function 008AA235 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 102COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 008AA252
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FullNamePath
                                                                                                                                                                                                                                                                                                • String ID: W$XML is not valid: "%hs" error:%u, file offset:%u$jh
                                                                                                                                                                                                                                                                                                • API String ID: 608056474-3789124446
                                                                                                                                                                                                                                                                                                • Opcode ID: 5ac177289071e540d35d3cdc4a3f20a71bcbf140abb165309d4ec8a461e8e294
                                                                                                                                                                                                                                                                                                • Instruction ID: 938f6f676c9e6f64091ad701c0dc563f43544fc946dfd93b7ac6d32a0016a4c0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5ac177289071e540d35d3cdc4a3f20a71bcbf140abb165309d4ec8a461e8e294
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: C14148309082699BDF2AEB54CD95BEDB779FB15344F5040D9E009A75A1EB302F85CF42
                                                                                                                                                                                                                                                                                                Function 00896830 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,40000000,00000005,00000000,00000002,00000080,00000000), ref: 0089690F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00896917
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 00896931
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateErrorFileLastSleep
                                                                                                                                                                                                                                                                                                • String ID: %s%hs
                                                                                                                                                                                                                                                                                                • API String ID: 408151869-3961986361
                                                                                                                                                                                                                                                                                                • Opcode ID: c3c172a5ba4287614874da5b92a6b574f463c5d6d9f8ad2cec38dcbfba89c368
                                                                                                                                                                                                                                                                                                • Instruction ID: 75711ddd8858bc696f07525666f4af8051e5f8eda117eb4549b327457cad1be8
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3c172a5ba4287614874da5b92a6b574f463c5d6d9f8ad2cec38dcbfba89c368
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0E318E3154011AAADF29BF7CC959AAD7B20FB01324F184225F521EB1E1EA31DA54C741
                                                                                                                                                                                                                                                                                                Function 008D8222 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,008D81D3,00000000,?,00925A28,?,?,?,008D8376,00000004,InitializeCriticalSectionEx,009055E4,InitializeCriticalSectionEx), ref: 008D822F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,008D81D3,00000000,?,00925A28,?,?,?,008D8376,00000004,InitializeCriticalSectionEx,009055E4,InitializeCriticalSectionEx,00000000,?,008D812D), ref: 008D8239
                                                                                                                                                                                                                                                                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 008D8261
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                                                                                                                                • String ID: api-ms-
                                                                                                                                                                                                                                                                                                • API String ID: 3177248105-2084034818
                                                                                                                                                                                                                                                                                                • Opcode ID: e2032ff2e63ae41b41cb24458aa3100e239318e310828ff8caf664127faf854b
                                                                                                                                                                                                                                                                                                • Instruction ID: 3198721cacfef7cd1dcdf3a808fd04241eb16dd71ce4f8c8253ed9a72a85f10b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e2032ff2e63ae41b41cb24458aa3100e239318e310828ff8caf664127faf854b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 89E04F31698A04FFEF101B61EC07B297F59FB11B42F108121F90CE81E1DF61DA1099C4
                                                                                                                                                                                                                                                                                                Function 008E1B8F Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetConsoleOutputCP.KERNEL32(01348D3A,00000000,00000000,?), ref: 008E1BF2
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008F1166: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,008F3246,?,00000000,-00000008), ref: 008F1212
                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008E1E4D
                                                                                                                                                                                                                                                                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008E1E95
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 008E1F38
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2112829910-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b76bb7a6497c7dffc8bf7b87fb6a6eb69b18ce386b797f391c20a0c270234832
                                                                                                                                                                                                                                                                                                • Instruction ID: c49742fb9d62df9593b255cff2a4cf32f9cd4f433f8198167ac78b9286b59e37
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b76bb7a6497c7dffc8bf7b87fb6a6eb69b18ce386b797f391c20a0c270234832
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9AD15875E04288AFCF15CFA9D8849EDBBB5FF0A304F18416AE865EB351D730A942CB50
                                                                                                                                                                                                                                                                                                Function 008C2DE0 Relevance: 6.2, APIs: 4, Instructions: 244COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088A916: GetProcessHeap.KERNEL32(00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 0088A950
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,0000000B,000000FF,00000000,00000000), ref: 008C2ED5
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(00000003,00000000,00000010,000000FF,00000010,-00000001), ref: 008C2F0A
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,00000000,00000000,00000000,00000000), ref: 008C2F95
                                                                                                                                                                                                                                                                                                • WideCharToMultiByte.KERNEL32(00000003,00000000,00000010,000000FF,?,-00000001,00000000,00000000), ref: 008C2FCE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$HeapProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2590121937-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3060d4479f49978c4f778ab0ea85bb270458e6183b6834058f6c6987c346b87b
                                                                                                                                                                                                                                                                                                • Instruction ID: 2b6b81117b3ca9434d9501fcdca8eb1e4886b490f91c13467111ee90ff42382d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3060d4479f49978c4f778ab0ea85bb270458e6183b6834058f6c6987c346b87b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 90917A31A006099FEB20CF68C888F59FBB5FF45724F24866DE415EB2E0DB71A905CB51
                                                                                                                                                                                                                                                                                                Function 008A053D Relevance: 6.2, APIs: 4, Instructions: 158registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 008A0589
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 008A05B0
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?,?,00000000,?,00000000,?), ref: 008A06A5
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpenQueryValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3677997916-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c09ee4bb34e849c777fe8898b054265ad1fb574930e7cd8a811134907f86dfa4
                                                                                                                                                                                                                                                                                                • Instruction ID: 65fce44de4b20022cc11a45c1acba146205c86956c6001fa174452e049e9674a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c09ee4bb34e849c777fe8898b054265ad1fb574930e7cd8a811134907f86dfa4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A518F75E04206AFEB24CFA8C8909AEBBB9FF95354B248469E845E7710E730DE50CF50
                                                                                                                                                                                                                                                                                                Function 008A8900 Relevance: 6.1, APIs: 4, Instructions: 117comCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CoCreateInstance.OLE32(00912BD0,00000000,00000001,00912BE0,?,00000018,008A87A3), ref: 008A8938
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A8988
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A89C8
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A89FB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeString$CreateInstance
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2173987225-0
                                                                                                                                                                                                                                                                                                • Opcode ID: df79a1cba73818e48e7c38c803dbb541c7c716f42a1fe15d66fa14352b985d5e
                                                                                                                                                                                                                                                                                                • Instruction ID: 81408ae7346dc4ff17f04f63bf6cdb660a109d73c47198e40b392eed9a6e99f9
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: df79a1cba73818e48e7c38c803dbb541c7c716f42a1fe15d66fa14352b985d5e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 29414F31A0025ADFDB01DFE8C948AAEBBB4FF49304F144058E505E7261DB75AE01DB62
                                                                                                                                                                                                                                                                                                Function 008966D5 Relevance: 6.1, APIs: 4, Instructions: 68sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000104,00000104,00000004), ref: 00896733
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000005,00000000,?,00000080,00000000), ref: 00896761
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 00896769
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 00896783
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharCreateErrorFileLastMultiSleepWide
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1256913802-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 74b421188236dd9b9228d30b87643b4f54a17488dae009d0ba9265b63e1959d4
                                                                                                                                                                                                                                                                                                • Instruction ID: 0b18fb605c0501d33a30650b0a5d77d821cb41cdfcf9126bbbb298cc98c21808
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 74b421188236dd9b9228d30b87643b4f54a17488dae009d0ba9265b63e1959d4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E921AF31A51215AFEF24BBA8CC8ABAD7364FB00764F148714F922EB1E1DB745D508B61
                                                                                                                                                                                                                                                                                                Function 008B179F Relevance: 6.1, APIs: 4, Instructions: 62registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,?), ref: 008B17C9
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,00000000,00000004,009274F4,00000004), ref: 008B1803
                                                                                                                                                                                                                                                                                                • RegSetValueExW.ADVAPI32(?,00000000,00000004,009274F8,00000004), ref: 008B1816
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 008B1836
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Value$CloseOpen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3241186055-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 1066c209554a3e552500bfea3dd93054bc096fa599724495801c2f07a5095c0b
                                                                                                                                                                                                                                                                                                • Instruction ID: 5265504fb79f9643440a7e8c444565d0f42950f45eb87c60e5086585a1adf4b5
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1066c209554a3e552500bfea3dd93054bc096fa599724495801c2f07a5095c0b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EE116071A19118FFDB219B99EC99C6AFFBEFB893647504069F404A7230D7315D01EB50
                                                                                                                                                                                                                                                                                                Function 008A8608 Relevance: 6.1, APIs: 4, Instructions: 60COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • VerSetConditionMask.NTDLL(00000000,00000000,00000002,00000003), ref: 008A866B
                                                                                                                                                                                                                                                                                                • VerSetConditionMask.NTDLL(00000000), ref: 008A866F
                                                                                                                                                                                                                                                                                                • VerSetConditionMask.NTDLL(00000000), ref: 008A8673
                                                                                                                                                                                                                                                                                                • VerifyVersionInfoW.KERNEL32(0000011C,00000023,00000000), ref: 008A8695
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ConditionMask$InfoVerifyVersion
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2793162063-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 37ae734c4f8bc6901653283094895a035ee26dee6de5797e762323f4770a59b7
                                                                                                                                                                                                                                                                                                • Instruction ID: 460f7eba34f1c8ae7077a4eaed05811f561dfdbec0bed4b29d4809f2c2207d9c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 37ae734c4f8bc6901653283094895a035ee26dee6de5797e762323f4770a59b7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A61133B0A4431C6EEB24DF65AC46FEF7BBCEF48754F40446AB509E6281D6745F408AA0
                                                                                                                                                                                                                                                                                                Function 008E1A08 Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(00000000,00000000,00000000,0088F8A1,00000001,00000000,0088F8A1,?,00000000,00000000), ref: 008E1A1E
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,0088F8A1,00000000,00000000,00000002), ref: 008E1A2B
                                                                                                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0088F8A1,00000000,00000000,00000002), ref: 008E1A51
                                                                                                                                                                                                                                                                                                • SetFilePointerEx.KERNEL32(?,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,0088F8A1,00000000), ref: 008E1A77
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FilePointer$ErrorLast
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 142388799-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 7653f95fa196ae5fdcf21f3adf9b5f6b108e92c44517ce44dd8a5772f70b7206
                                                                                                                                                                                                                                                                                                • Instruction ID: d40b44492dcae3f6c4b8fd95d68d395e06e21c778397aa84be92c4320017e47e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7653f95fa196ae5fdcf21f3adf9b5f6b108e92c44517ce44dd8a5772f70b7206
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A0114571916229BFCF109F96DC489AE7F7DFB05364F108254F820A21A0C7319A80EBA0
                                                                                                                                                                                                                                                                                                Function 0088BF35 Relevance: 6.0, APIs: 4, Instructions: 40sleepfileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0088BF5F
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0088BF67
                                                                                                                                                                                                                                                                                                • Sleep.KERNEL32(000000C8), ref: 0088BF81
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32 ref: 0088BF92
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CreateFileSleep
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 296867881-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 68ff8e1c4d608bc36af2b354453e9daaf67f1695344e93ab418034137bb3e8d6
                                                                                                                                                                                                                                                                                                • Instruction ID: 6a6b943a085234e73bea15421f0499d38f2cd2e46df56676c6df473292ab0852
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68ff8e1c4d608bc36af2b354453e9daaf67f1695344e93ab418034137bb3e8d6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCF03131515201AFDB306F6DDC09B49BBA8EBD2731F20871DE6A1D31E0CB709985DB51
                                                                                                                                                                                                                                                                                                Function 008D41CE Relevance: 6.0, APIs: 4, Instructions: 25timethreadCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 008D41E0
                                                                                                                                                                                                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 008D41EF
                                                                                                                                                                                                                                                                                                • GetCurrentProcessId.KERNEL32 ref: 008D41F8
                                                                                                                                                                                                                                                                                                • QueryPerformanceCounter.KERNEL32(?), ref: 008D4205
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2933794660-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5c04264b8d1f645ee72832fa1c8df3a994776f76fcf52a0b28008e38b53ba34e
                                                                                                                                                                                                                                                                                                • Instruction ID: 8df0d4145ab6b9a8d6c3c5a70fb79af593aeb879d359b1167b0415fc758943f7
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5c04264b8d1f645ee72832fa1c8df3a994776f76fcf52a0b28008e38b53ba34e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A1F05F71D24209EFCB04DBB4DA49A9EBBF8EF1C305F9184959412E7150DB74AB049B51
                                                                                                                                                                                                                                                                                                Function 008D37E4 Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SleepConditionVariableCS.KERNELBASE(?,008D3781,00000064), ref: 008D3807
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(00925644,?,?,008D3781,00000064,?,0092626C,?,0088A99E,0092626C,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D3811
                                                                                                                                                                                                                                                                                                • WaitForSingleObjectEx.KERNEL32(?,00000000,?,008D3781,00000064,?,0092626C,?,0088A99E,0092626C,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D3822
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(00925644,?,008D3781,00000064,?,0092626C,?,0088A99E,0092626C,00000000,00889575,01348D3A,?,008FABEC,000000FF), ref: 008D3829
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3269011525-0
                                                                                                                                                                                                                                                                                                • Opcode ID: ec3be6b564521a48035abfc3cc5bf46780b9038b542830247923c0b4d65112e2
                                                                                                                                                                                                                                                                                                • Instruction ID: 1ff27b150d3ff773729fd21ce96e7f7d24c1b02a51685ed43c047fd041c7ae4d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: ec3be6b564521a48035abfc3cc5bf46780b9038b542830247923c0b4d65112e2
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 26E01232569534BBC6221B50FC0999D3F6DFF09B66B418121F5096A270C7715E00BBD5
                                                                                                                                                                                                                                                                                                Function 00897CD1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 145COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • UuidFromStringW.RPCRT4(?,?), ref: 00897E0C
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FromStringUuid
                                                                                                                                                                                                                                                                                                • String ID: EvaluateGuidCondition$W
                                                                                                                                                                                                                                                                                                • API String ID: 893186483-1648138014
                                                                                                                                                                                                                                                                                                • Opcode ID: 120d2f3398631b6b5e8665ca70b81c18aceafa745fc8117b6db4c116f58ea88d
                                                                                                                                                                                                                                                                                                • Instruction ID: 83bb90ca1de507a42bc75d495d53ac4f269a1d656243b521198950ff0601cc8b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 120d2f3398631b6b5e8665ca70b81c18aceafa745fc8117b6db4c116f58ea88d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 10611370E182688ADF24EFA8D980BDDBBB1FF48300F1441AAE109E7251DB715E84CF51
                                                                                                                                                                                                                                                                                                Function 008EC588 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 121COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                                                                                                • String ID: C:\Program Files\CCleaner\CCUpdate.exe$SZ
                                                                                                                                                                                                                                                                                                • API String ID: 0-2562600893
                                                                                                                                                                                                                                                                                                • Opcode ID: 993125027130124cdc07d0c64c747d8261f223807a306c65d5591a8db9b7eb9b
                                                                                                                                                                                                                                                                                                • Instruction ID: 01d4c56d88264d3fe5d3a89a56aaafa3455a39d07b8e4a76598523b67433ad92
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 993125027130124cdc07d0c64c747d8261f223807a306c65d5591a8db9b7eb9b
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D31D7B2E00258AFCB21AF6ACCC1D9F7BB9FB46710F11016AF505D7211D6708E02DB91
                                                                                                                                                                                                                                                                                                Function 008D7863 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EncodePointer.KERNEL32(00000000,?), ref: 008D7888
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: EncodePointer
                                                                                                                                                                                                                                                                                                • String ID: MOC$RCC
                                                                                                                                                                                                                                                                                                • API String ID: 2118026453-2084237596
                                                                                                                                                                                                                                                                                                • Opcode ID: 2c05bf822e57e65d1f02502f7248c41adc1d3efa4145f8b9d36c6ef814ac962e
                                                                                                                                                                                                                                                                                                • Instruction ID: 088547a5ad39963fd8e8545af431c6d98b551eb679ba30959650a7560d6e4ef2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 2c05bf822e57e65d1f02502f7248c41adc1d3efa4145f8b9d36c6ef814ac962e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FB417972904209AFDF16DF98CC91AEEBBB5FF08310F14826AF904A7321E3399950DB51
                                                                                                                                                                                                                                                                                                Function 008A5C46 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A5CBF
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: SysAllocString.OLEAUT32(00000000), ref: 008A85B6
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A859D: VariantClear.OLEAUT32 ref: 008A85F0
                                                                                                                                                                                                                                                                                                • SysFreeString.OLEAUT32(?), ref: 008A5CF2
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: String$Free$AllocClearVariant
                                                                                                                                                                                                                                                                                                • String ID: UnregisterJob_2
                                                                                                                                                                                                                                                                                                • API String ID: 2934074361-2722036283
                                                                                                                                                                                                                                                                                                • Opcode ID: dbe4231d1ee005791426c5512f4430c6cb2282287864d9772322e89cf154e780
                                                                                                                                                                                                                                                                                                • Instruction ID: e49e1db1b945843ae0e9fda4360bf4db0bd2ef2059940801cbe14db47ccd8b01
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: dbe4231d1ee005791426c5512f4430c6cb2282287864d9772322e89cf154e780
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: AE315C30D10219DFDF01EBA8C849BEDBB74FF19314F144058E111B72A1DB745A44DBA2
                                                                                                                                                                                                                                                                                                Function 008A3D62 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • %04u-%02u-%02uT%02u:%02u:%02uZ, xrefs: 008A3DD1
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: String$AllocFree
                                                                                                                                                                                                                                                                                                • String ID: %04u-%02u-%02uT%02u:%02u:%02uZ
                                                                                                                                                                                                                                                                                                • API String ID: 344208780-3000309843
                                                                                                                                                                                                                                                                                                • Opcode ID: a19f619b0da887924a12741a32713387e4dae0ce48f075497e8ebf609416ba53
                                                                                                                                                                                                                                                                                                • Instruction ID: fa631c42ba32885e4524cf4ea0a73e9a1308fa1e4ac9068c62484de5681849db
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a19f619b0da887924a12741a32713387e4dae0ce48f075497e8ebf609416ba53
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19215071900619FBEB15EFA8D8819DDBBB9FF05310B108116F515E6981CB3597608B91
                                                                                                                                                                                                                                                                                                Function 008B3A75 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 008B3A90
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088BF35: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0088BF5F
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088BF35: GetLastError.KERNEL32 ref: 0088BF67
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088BF35: Sleep.KERNEL32(000000C8), ref: 0088BF81
                                                                                                                                                                                                                                                                                                  • Part of subcall function 0088BF35: GetLastError.KERNEL32 ref: 0088BF92
                                                                                                                                                                                                                                                                                                • CloseHandle.KERNEL32(000000FF), ref: 008B3AFD
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ErrorLast$CloseCreateFileFullHandleNamePathSleep
                                                                                                                                                                                                                                                                                                • String ID: W
                                                                                                                                                                                                                                                                                                • API String ID: 2336519704-655174618
                                                                                                                                                                                                                                                                                                • Opcode ID: 1c48bdbb8e509f0f76a1ace2ba7f75adbf0dbbc62e1c1d9c453bb06c98d677e4
                                                                                                                                                                                                                                                                                                • Instruction ID: 955d4a37a1ccc790fac0169e7539a57529847716f89aeb5907895b5d5de45208
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 1c48bdbb8e509f0f76a1ace2ba7f75adbf0dbbc62e1c1d9c453bb06c98d677e4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6D211630901569EADB25EBA8DC597EDBB74FF14324F2442D8A059A22E1DB304F85DF12
                                                                                                                                                                                                                                                                                                Function 008A06B1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.ADVAPI32(00000000,00000000,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 008A071D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                • Unable to open product registry key gle=%u, xrefs: 008A06EB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CloseOpen
                                                                                                                                                                                                                                                                                                • String ID: Unable to open product registry key gle=%u
                                                                                                                                                                                                                                                                                                • API String ID: 47109696-2589650119
                                                                                                                                                                                                                                                                                                • Opcode ID: 9727285345aec6f0ea002872ec22b8403a4bda4f8c495114786fc6e4b796861a
                                                                                                                                                                                                                                                                                                • Instruction ID: 2f4d36533feb05480e289a0efa3f17b3458e438b757ce08ca48ed8735c82a62e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9727285345aec6f0ea002872ec22b8403a4bda4f8c495114786fc6e4b796861a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6001F236915219FFEF24AB98EC05BAEBB7AFB89724F104054F405A6170DA719E10EF50
                                                                                                                                                                                                                                                                                                Function 008C3E70 Relevance: 5.3, APIs: 4, Instructions: 252COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,01348D3A,?,?,00000000), ref: 008C3EF0
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?), ref: 008C3F67
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?,?,00000000,?,?,?,?,?,?), ref: 008C40B5
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?), ref: 008C40D9
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3168844106-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 84fc007bc93dce59c240c246d07d5128529179f8fae35d30b97b81fcc7c55a56
                                                                                                                                                                                                                                                                                                • Instruction ID: cf6e69d4ec1596570eb2320b8b961de6e02378f7fcb6fa240949e82f873fcc42
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84fc007bc93dce59c240c246d07d5128529179f8fae35d30b97b81fcc7c55a56
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B6916D75A106098FCB10CF68C494BA9BBB5FF88320F14825EE916AB381DB74ED45CB90
                                                                                                                                                                                                                                                                                                Function 008CD780 Relevance: 5.1, APIs: 4, Instructions: 136COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008CE690: WaitForSingleObject.KERNEL32(?,000000FF,?,008CE4E7,?,?,?,00000000,?,?,008CE377,?,?,FFFFFFFF,?,008CDE54), ref: 008CE698
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008CE620: SetEvent.KERNEL32(008CE390,?,008CE390,?,FFFFFFFF,?,?,?,?,?,?), ref: 008CE628
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 008CD7F1
                                                                                                                                                                                                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 008CD7FE
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 008CD820
                                                                                                                                                                                                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 008CD827
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008CE6E0: ReleaseSemaphore.KERNEL32(?,00000001,00000000,?,008CE4DF,?,?,00000000,?,?,008CE377,?,?,FFFFFFFF,?,008CDE54), ref: 008CE6EC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CriticalSection$EnterLeave$EventObjectReleaseSemaphoreSingleWait
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3648152314-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 84d9480ac61218b5157c8869ae01253ab19eaf86b3db77b94c448222669f004e
                                                                                                                                                                                                                                                                                                • Instruction ID: ed2a710e72342f492a2793073d0a07354082ff3fb35a0b300c9d247b711359d0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 84d9480ac61218b5157c8869ae01253ab19eaf86b3db77b94c448222669f004e
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A5513771900204AFCB51EF68C884F9AB7B9FF48304F04457DE84A9B616DB31EA46CB95
                                                                                                                                                                                                                                                                                                Function 008A2E5A Relevance: 5.1, APIs: 4, Instructions: 85COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,?,?), ref: 008A2EA0
                                                                                                                                                                                                                                                                                                • GetLastError.KERNEL32(?,?), ref: 008A2EB1
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,?), ref: 008A2EC9
                                                                                                                                                                                                                                                                                                • MultiByteToWideChar.KERNEL32(?,00000000,?,?,?,00000000,?,?), ref: 008A2EED
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000A.00000002.7153981246.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7153946912.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154108023.0000000000903000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154169680.0000000000924000.00000004.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                • Associated: 0000000A.00000002.7154203584.0000000000928000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_10_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                • Opcode ID: f497d58629aa8d9f171ec49aab39e23666cba0fcc49e06c96f4032d9a1ebb4cf
                                                                                                                                                                                                                                                                                                • Instruction ID: 888d6f78c84ad31d9bc8d4627da7900ac41fcc4d036675ad93cca25a1e0a286c
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: f497d58629aa8d9f171ec49aab39e23666cba0fcc49e06c96f4032d9a1ebb4cf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7C215772210206BFEB158F68DC85DBBBB6DFF463607208229F805C6551EB71AE10D760

                                                                                                                                                                                                                                                                                                Execution Graph

                                                                                                                                                                                                                                                                                                Execution Coverage:4.1%
                                                                                                                                                                                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                Signature Coverage:0%
                                                                                                                                                                                                                                                                                                Total number of Nodes:1255
                                                                                                                                                                                                                                                                                                Total number of Limit Nodes:148
                                                                                                                                                                                                                                                                                                execution_graph 48801 88b5ec 48802 88b5f7 48801->48802 48881 8a873a 48802->48881 48804 88b5fe 48889 89defb 48804->48889 48806 88b60f 48818 88b634 48806->48818 49140 8a5168 7 API calls 48806->49140 48808 88b621 48809 89defb 7 API calls 48808->48809 48809->48818 48810 89defb 7 API calls 48812 88b6bc 48810->48812 48811 88b79b 48880 88b4b4 48811->48880 48936 89ba23 48811->48936 48814 89defb 7 API calls 48812->48814 48817 88b6c9 48814->48817 48819 89defb 7 API calls 48817->48819 48820 88b670 48818->48820 48821 88b677 48818->48821 48834 88b68f 48818->48834 48823 88b6d6 48819->48823 49141 8a3f51 7 API calls 48820->49141 49142 8a3e25 7 API calls 48821->49142 48828 89defb 7 API calls 48823->48828 48826 88b675 48829 89defb 7 API calls 48826->48829 48833 88b6e3 48828->48833 48829->48834 48830 88b7be 48830->48880 49115 88bf35 48830->49115 48831 88bb2e FreeLibrary 48832 88bb35 48831->48832 48836 89defb 7 API calls 48832->48836 49143 89facf 48833->49143 48834->48810 48834->48811 48847 88bb40 48836->48847 48839 88b6ee 48841 88b742 48839->48841 48842 88b6f2 48839->48842 48840 88bb6d 49151 88aa0b 48840->49151 48844 89facf GetFileAttributesW 48841->48844 48864 88b6f6 48841->48864 48845 89facf GetFileAttributesW 48842->48845 48842->48864 48851 88b74e 48844->48851 48852 88b711 48845->48852 48847->48840 49149 88bec1 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 48847->49149 48848 88b819 48849 88b820 LoadLibraryW 48848->48849 48848->48880 48849->48880 48850 89defb 7 API calls 48850->48880 48858 89facf GetFileAttributesW 48851->48858 48851->48864 48859 89facf GetFileAttributesW 48852->48859 48852->48864 48855 88bb67 49150 8de9a7 RtlFreeHeap 48855->49150 48856 88aa0b RtlFreeHeap 48860 88bb99 48856->48860 48861 88b764 48858->48861 48862 88b727 48859->48862 48863 88aa0b RtlFreeHeap 48860->48863 48861->48864 48865 88b76d 48861->48865 48862->48864 48866 88b735 48862->48866 48867 88bba8 48863->48867 48864->48850 49148 8901b2 7 API calls 48865->49148 49147 88f844 7 API calls 48866->49147 48869 88aa0b RtlFreeHeap 48867->48869 48872 88bbb7 48869->48872 48871 88b740 48874 89defb 7 API calls 48871->48874 48873 88aa0b RtlFreeHeap 48872->48873 48875 88bbc6 48873->48875 48874->48811 48876 88aa0b RtlFreeHeap 48875->48876 48877 88bbd5 48876->48877 48878 88aa0b RtlFreeHeap 48877->48878 48879 88bbe4 48878->48879 49130 89e3a4 48880->49130 48883 8a8749 48881->48883 48882 8a87c3 48882->48804 48883->48882 49155 88aa2d 48883->49155 48885 8a8775 49158 88943e 48885->49158 48887 8a8789 48888 88aa0b RtlFreeHeap 48887->48888 48888->48882 48890 89df0a 48889->48890 48891 88aa2d 2 API calls 48890->48891 48892 89df3e 48891->48892 48899 89dfb6 48892->48899 49179 8dd075 48892->49179 48893 88aa0b RtlFreeHeap 48894 89e325 48893->48894 48894->48806 48899->48893 48903 89e00c 49198 88bd93 48903->49198 48906 89e04b 48908 88aa2d 2 API calls 48906->48908 48909 89e227 48906->48909 48914 89e065 48908->48914 48909->48899 48911 8dd3d7 RtlFreeHeap 48909->48911 48910 89e2c3 48912 88aa0b RtlFreeHeap 48910->48912 48911->48899 48912->48909 48913 88aa0b RtlFreeHeap 48913->48914 48914->48910 48914->48913 48917 89e0ea 48914->48917 48915 89e292 48916 88aa0b RtlFreeHeap 48915->48916 48916->48909 48917->48915 49202 89dbad 6 API calls 48917->49202 48919 89e193 49203 889299 48919->49203 48921 89e1ab 48922 88aa0b RtlFreeHeap 48921->48922 48923 89e1c2 48922->48923 48924 88aa0b RtlFreeHeap 48923->48924 48925 89e1d8 48924->48925 48926 8e1b84 2 API calls 48925->48926 48927 89e1f4 48926->48927 48928 89e1fb 48927->48928 48932 89e230 48927->48932 48929 88aa0b RtlFreeHeap 48928->48929 48930 89e211 48929->48930 48931 88aa0b RtlFreeHeap 48930->48931 48931->48909 49209 8dd3d7 48932->49209 48935 88aa0b RtlFreeHeap 48935->48915 48937 89ba32 48936->48937 48938 89e3a4 7 API calls 48937->48938 48939 89ba50 48938->48939 48940 88aa2d 2 API calls 48939->48940 48941 89ba5f 48940->48941 48942 88aa2d 2 API calls 48941->48942 48943 89ba70 48942->48943 48944 88aa2d 2 API calls 48943->48944 48945 89ba7f 48944->48945 48946 88aa2d 2 API calls 48945->48946 48947 89ba8e 48946->48947 48948 88aa2d 2 API calls 48947->48948 48949 89ba9d 48948->48949 48950 88aa2d 2 API calls 48949->48950 48951 89baac 48950->48951 48952 89defb 7 API calls 48951->48952 48953 89bac3 48952->48953 48954 88a41f 5 API calls 48953->48954 48955 89bae2 GetDateFormatW 48954->48955 48956 88a41f 5 API calls 48955->48956 48957 89bb04 48956->48957 48958 89defb 7 API calls 48957->48958 48959 89bb47 48958->48959 48960 89bb80 GetNativeSystemInfo 48959->48960 48961 89bb63 48959->48961 48964 89bb98 48960->48964 48962 89defb 7 API calls 48961->48962 48963 89bb7a 48962->48963 48965 88aa0b RtlFreeHeap 48963->48965 48964->48963 48966 89bbce GlobalMemoryStatusEx 48964->48966 48969 89defb 7 API calls 48964->48969 48967 89ca42 48965->48967 48976 89bc24 48966->48976 48970 88aa0b RtlFreeHeap 48967->48970 48969->48966 48971 89ca54 48970->48971 48972 88aa0b RtlFreeHeap 48971->48972 48973 89ca66 48972->48973 48974 88aa0b RtlFreeHeap 48973->48974 48975 89ca78 48974->48975 48977 88aa0b RtlFreeHeap 48975->48977 48978 88bd93 6 API calls 48976->48978 48980 89bcb6 48976->48980 48979 89ca8c 48977->48979 48978->48980 48981 88aa0b RtlFreeHeap 48979->48981 48982 89defb 7 API calls 48980->48982 48983 89ca9e 48981->48983 48984 89bcfd 48982->48984 48985 89e418 7 API calls 48983->48985 49055 89bd23 48984->49055 49303 8ea8bd 48984->49303 48986 89caad 48985->48986 48986->48830 48989 89bdc0 49312 89cb18 48989->49312 48991 8dd3d7 RtlFreeHeap 48993 89ca1e 48991->48993 48992 89bd6b 48995 89cb18 5 API calls 48992->48995 48993->48963 48996 8dd3d7 RtlFreeHeap 48993->48996 48999 89bd7f 48995->48999 48996->48963 48997 89bddf 49000 8ea8bd 4 API calls 48997->49000 49001 89be38 48997->49001 48997->49055 48998 88aa0b RtlFreeHeap 48998->48989 48999->48998 49000->49001 49316 8a21d1 49001->49316 49003 89bebd 49326 889396 49003->49326 49005 89bf4e 49008 88943e RtlFreeHeap 49005->49008 49006 89bee0 49006->49005 49007 89bf02 49006->49007 49511 88bbee 6 API calls 49007->49511 49010 89bf5e GetPrivateProfileStringW 49008->49010 49330 8a15af 49010->49330 49011 89bf16 49013 88943e RtlFreeHeap 49011->49013 49015 89bf26 49013->49015 49014 89bfa3 49334 88897b 49014->49334 49017 88aa0b RtlFreeHeap 49015->49017 49021 89bf38 49017->49021 49018 89bfa9 49019 89bfad 49018->49019 49020 89bfc3 49018->49020 49022 89defb 7 API calls 49019->49022 49023 89defb 7 API calls 49020->49023 49512 88bd07 49021->49512 49025 89bfbd 49022->49025 49026 89bfd3 49023->49026 49428 89ae36 49025->49428 49028 89defb 7 API calls 49026->49028 49027 89bf4c 49027->49010 49029 89bfe3 49028->49029 49031 89bffc 49029->49031 49033 89defb 7 API calls 49029->49033 49034 89defb 7 API calls 49031->49034 49032 89c074 49035 88943e RtlFreeHeap 49032->49035 49033->49031 49036 89c01d 49034->49036 49037 89c085 49035->49037 49038 89defb 7 API calls 49036->49038 49039 88aa0b RtlFreeHeap 49037->49039 49040 89c02d 49038->49040 49042 89c097 49039->49042 49041 89defb 7 API calls 49040->49041 49043 89c03d 49041->49043 49044 89c753 49042->49044 49045 89facf GetFileAttributesW 49042->49045 49043->49025 49047 89defb 7 API calls 49043->49047 49046 88943e RtlFreeHeap 49044->49046 49049 89c775 49044->49049 49048 89c0ae 49045->49048 49046->49049 49047->49025 49048->49044 49051 8e1b84 2 API calls 49048->49051 49050 88943e RtlFreeHeap 49049->49050 49052 89c786 49050->49052 49053 89c0c0 49051->49053 49056 889299 6 API calls 49052->49056 49074 89c7df 49052->49074 49053->49055 49058 88948c 6 API calls 49053->49058 49054 89facf GetFileAttributesW 49066 89c80a 49054->49066 49055->48991 49057 89c7b2 49056->49057 49059 88943e RtlFreeHeap 49057->49059 49111 89c10b 49058->49111 49060 89c7c2 49059->49060 49064 88aa0b RtlFreeHeap 49060->49064 49061 89c867 49065 89c8a9 49061->49065 49521 889414 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49061->49521 49063 89c736 49068 88aa0b RtlFreeHeap 49063->49068 49067 89c7d4 49064->49067 49069 89c8ba 49065->49069 49522 89cfb3 8 API calls 49065->49522 49066->49061 49520 8ea907 ExitProcess GetPEB RtlFreeHeap GetPEB 49066->49520 49070 89facf GetFileAttributesW 49067->49070 49068->49044 49073 88943e RtlFreeHeap 49069->49073 49075 89c8ce 49069->49075 49070->49074 49073->49075 49074->49054 49074->49066 49077 89c8df 49075->49077 49523 89cfb3 8 API calls 49075->49523 49076 88aa2d RtlFreeHeap RtlAllocateHeap 49076->49111 49078 88943e RtlFreeHeap 49077->49078 49080 89c8f3 49077->49080 49078->49080 49085 89c904 49080->49085 49524 89cfb3 8 API calls 49080->49524 49083 89c96b 49434 8a22b1 49083->49434 49085->49083 49525 88bbee 6 API calls 49085->49525 49086 89c976 49088 88943e RtlFreeHeap 49086->49088 49090 89c985 49088->49090 49089 89c94a 49091 88943e RtlFreeHeap 49089->49091 49093 88aa0b RtlFreeHeap 49090->49093 49092 89c959 49091->49092 49094 88aa0b RtlFreeHeap 49092->49094 49095 89c997 49093->49095 49094->49083 49097 89defb 7 API calls 49095->49097 49096 89aee1 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49096->49111 49098 89c9a7 49097->49098 49470 89fc7b 49098->49470 49100 89c9ac 49478 8a0fed 49100->49478 49105 88930a RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49105->49111 49106 89ca12 49494 8a1042 49106->49494 49107 8dd3d7 RtlFreeHeap 49107->49106 49109 88943e RtlFreeHeap 49109->49111 49110 889396 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49110->49111 49111->49063 49111->49076 49111->49096 49111->49105 49111->49109 49111->49110 49112 8dd493 ExitProcess GetPEB RtlFreeHeap GetPEB 49111->49112 49113 8ea8c8 ExitProcess GetPEB RtlFreeHeap GetPEB 49111->49113 49114 88aa0b RtlFreeHeap 49111->49114 49519 88bbee 6 API calls 49111->49519 49112->49111 49113->49111 49114->49111 49116 88bf4c CreateFileW 49115->49116 49118 88bf6d 49116->49118 49117 88b7e8 49117->48880 49119 8a1b1e 49117->49119 49118->49116 49118->49117 49120 8a1b2a 49119->49120 49121 8a1b3b CreateFileW 49120->49121 49129 8a1b33 49120->49129 49122 8a1b68 49121->49122 49121->49129 49123 8a1b80 49122->49123 49124 8a1b76 49122->49124 50054 8b7510 49123->50054 49125 8b7510 10 API calls 49124->49125 49125->49129 49127 8a1b87 49128 8b7510 10 API calls 49127->49128 49127->49129 49128->49129 49129->48848 49131 89defb 7 API calls 49130->49131 49132 88baff 49131->49132 49133 89e418 49132->49133 49134 89e502 49133->49134 49135 89e457 49133->49135 49136 89defb 7 API calls 49134->49136 49135->49134 49137 89e45e 49135->49137 49138 88bb2a 49136->49138 49139 89defb 7 API calls 49137->49139 49138->48831 49138->48832 49139->49138 49140->48808 49141->48826 49142->48826 49144 89fadb 49143->49144 49145 89fae6 GetFileAttributesW 49144->49145 49146 89fb03 49145->49146 49146->48839 49147->48871 49148->48871 49149->48855 49150->48840 49152 88aa1a 49151->49152 49153 88aa22 49151->49153 50204 88a6ac 49152->50204 49153->48856 49162 88a916 49155->49162 49157 88aa5b 49157->48885 49159 889471 49158->49159 49160 889456 49158->49160 49159->48887 49160->49159 49161 88aa0b RtlFreeHeap 49160->49161 49161->49159 49165 88a922 49162->49165 49163 88a975 49164 8d3a91 2 API calls 49163->49164 49166 88a9f4 49163->49166 49164->49166 49165->49163 49168 8d3a91 49165->49168 49166->49157 49171 8d3a64 49168->49171 49172 8d3a7a 49171->49172 49173 8d3a73 49171->49173 49178 8edde4 RtlFreeHeap RtlAllocateHeap 49172->49178 49177 8edd67 RtlFreeHeap RtlAllocateHeap 49173->49177 49176 8d3a78 49176->49163 49177->49176 49178->49176 49180 8dd089 49179->49180 49212 8d8a79 49180->49212 49182 8dd0a4 49221 8d846b 49182->49221 49185 8e1b84 49190 8ef49b 49185->49190 49186 8ef4d9 49232 8d882d RtlFreeHeap 49186->49232 49188 8ef4c4 RtlAllocateHeap 49189 89dfa7 49188->49189 49188->49190 49189->48899 49191 8dd0b6 49189->49191 49190->49186 49190->49188 49192 8dd0ca 49191->49192 49233 8d8bfc 49192->49233 49195 8d846b 4 API calls 49196 89dfe0 49195->49196 49197 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49196->49197 49197->48903 49244 88bda7 49198->49244 49200 88bda5 49200->48906 49201 88bec1 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49200->49201 49201->48906 49202->48919 49204 8892a5 49203->49204 49205 88953c 2 API calls 49204->49205 49206 8892be 49205->49206 49274 8895e9 49206->49274 49208 8892ff 49208->48921 49300 8ef461 49209->49300 49211 89e27b 49211->48935 49213 8d8ac8 49212->49213 49214 8d8aa5 49212->49214 49213->49214 49216 8d8ad0 49213->49216 49227 8d86b2 RtlFreeHeap 49214->49227 49228 8db1b0 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49216->49228 49218 8d8b51 49229 8da6cf RtlFreeHeap 49218->49229 49220 8d8abd 49220->49182 49222 8d8477 49221->49222 49224 8d848e 49222->49224 49230 8d8516 ExitProcess GetPEB RtlFreeHeap GetPEB 49222->49230 49223 89df8f 49223->49185 49224->49223 49231 8d8516 ExitProcess GetPEB RtlFreeHeap GetPEB 49224->49231 49227->49220 49228->49218 49229->49220 49230->49224 49231->49223 49232->49189 49234 8d8c08 49233->49234 49235 8d8c2b 49233->49235 49241 8d86b2 RtlFreeHeap 49234->49241 49239 8d8c52 49235->49239 49242 8d88f6 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49235->49242 49240 8d8c23 49239->49240 49243 8d86b2 RtlFreeHeap 49239->49243 49240->49195 49241->49240 49242->49239 49243->49240 49245 88bdb3 49244->49245 49246 8dd075 5 API calls 49245->49246 49247 88bdf0 49245->49247 49248 88bddf 49246->49248 49248->49247 49259 88953c 49248->49259 49252 88be09 49267 88a41f 49252->49267 49255 8dd0b6 5 API calls 49256 88be31 49255->49256 49257 88aa0b RtlFreeHeap 49256->49257 49258 88be4c 49257->49258 49258->49200 49260 889567 49259->49260 49261 88a916 2 API calls 49260->49261 49262 889575 49260->49262 49261->49262 49263 88be5f 49262->49263 49264 88be6b 49263->49264 49266 88be9e 49264->49266 49272 88963a RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49264->49272 49266->49252 49268 88a44c 49267->49268 49269 88a42c 49267->49269 49270 88a445 49269->49270 49273 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49269->49273 49270->49255 49272->49266 49273->49270 49275 88a41f 5 API calls 49274->49275 49276 889606 49275->49276 49281 88a457 49276->49281 49278 889615 49279 88a457 4 API calls 49278->49279 49280 889627 49279->49280 49280->49208 49282 88a469 49281->49282 49291 88a465 49281->49291 49283 88a46d 49282->49283 49286 88a480 49282->49286 49295 8d882d RtlFreeHeap 49283->49295 49285 88a472 49296 8d872f ExitProcess GetPEB RtlFreeHeap GetPEB 49285->49296 49288 88a4ab 49286->49288 49289 88a4b4 49286->49289 49286->49291 49297 8d882d RtlFreeHeap 49288->49297 49289->49291 49298 8d882d RtlFreeHeap 49289->49298 49291->49278 49292 88a4b0 49299 8d872f ExitProcess GetPEB RtlFreeHeap GetPEB 49292->49299 49295->49285 49296->49291 49297->49292 49298->49292 49299->49291 49301 8ef46c RtlFreeHeap 49300->49301 49302 8ef481 49300->49302 49301->49302 49302->49211 49309 8ea845 49303->49309 49304 8ea861 49526 8d882d RtlFreeHeap 49304->49526 49306 8ea86b 49527 8d872f ExitProcess GetPEB RtlFreeHeap GetPEB 49306->49527 49308 89bd4a 49308->48989 49505 88948c 49308->49505 49309->49304 49310 8ea891 49309->49310 49310->49308 49528 8d882d RtlFreeHeap 49310->49528 49313 89cb24 49312->49313 49314 88bd07 5 API calls 49313->49314 49315 89cb4c 49314->49315 49315->48997 49317 8a21f2 49316->49317 49322 8a2215 49316->49322 49318 8a2203 GetFileVersionInfoSizeW 49317->49318 49317->49322 49319 8a2222 49318->49319 49318->49322 49320 8e1b84 2 API calls 49319->49320 49321 8a2228 49320->49321 49321->49322 49323 8a223d GetFileVersionInfoW 49321->49323 49322->49003 49324 8a2250 49323->49324 49325 8dd3d7 RtlFreeHeap 49324->49325 49325->49322 49327 8893af 49326->49327 49328 8893ff 49326->49328 49327->49328 49329 88a41f 5 API calls 49327->49329 49328->49006 49329->49327 49331 8a15c0 49330->49331 49332 8a15c5 49330->49332 49331->49014 49332->49331 49529 8ea3d9 ExitProcess GetPEB RtlFreeHeap GetPEB 49332->49529 49335 88898a 49334->49335 49336 88aa2d 2 API calls 49335->49336 49337 8889ab 49336->49337 49530 8a1346 RegOpenKeyExW 49337->49530 49340 888a39 RegQueryValueExW 49341 888a78 49340->49341 49365 888adf 49341->49365 49541 888890 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49341->49541 49343 888b69 49346 889396 5 API calls 49343->49346 49344 8890e4 49345 89defb 7 API calls 49344->49345 49348 888b2e 49345->49348 49352 888b76 49346->49352 49347 888aa7 49542 88ab09 ExitProcess GetPEB RtlFreeHeap GetPEB 49347->49542 49350 88911a 49348->49350 49351 88910e RegCloseKey 49348->49351 49356 88aa0b RtlFreeHeap 49350->49356 49351->49350 49353 888b97 49352->49353 49544 889414 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49352->49544 49354 88943e RtlFreeHeap 49353->49354 49358 888ba2 RegQueryValueExW 49354->49358 49355 888ac9 49359 89facf GetFileAttributesW 49355->49359 49360 88912c 49356->49360 49367 888bde 49358->49367 49361 888ad4 49359->49361 49360->49018 49362 888ad8 49361->49362 49363 888ae1 49361->49363 49543 88a2b2 RtlFreeHeap 49362->49543 49363->49365 49366 888b1d 49363->49366 49365->49343 49365->49344 49370 89defb 7 API calls 49366->49370 49368 88943e RtlFreeHeap 49367->49368 49373 888c2a 49367->49373 49368->49373 49370->49348 49371 888cdf 49374 888d23 49371->49374 49545 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49371->49545 49538 8b5a80 49373->49538 49375 888d82 RegQueryValueExW 49374->49375 49376 888dbc 49375->49376 49394 888db1 RegQueryValueExW 49375->49394 49377 889299 6 API calls 49376->49377 49378 888dce 49377->49378 49380 8a21d1 4 API calls 49378->49380 49381 888de9 49380->49381 49383 888e1d 49381->49383 49385 889299 6 API calls 49381->49385 49382 888f04 RegQueryValueExW 49398 888eca 49382->49398 49389 888e58 49383->49389 49393 88aa0b RtlFreeHeap 49383->49393 49384 888fb1 49387 88948c 6 API calls 49384->49387 49388 888dff 49385->49388 49386 88948c 6 API calls 49386->49398 49390 888fdd 49387->49390 49391 8a21d1 4 API calls 49388->49391 49389->49394 49395 88aa0b RtlFreeHeap 49389->49395 49547 88936e 6 API calls 49390->49547 49391->49383 49393->49389 49394->49398 49395->49394 49397 888fe8 49548 889693 6 API calls 49397->49548 49398->49382 49398->49384 49398->49386 49399 88aa0b RtlFreeHeap 49398->49399 49401 889138 49398->49401 49546 88930a RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49398->49546 49399->49398 49402 888ffc 49403 88aa0b RtlFreeHeap 49402->49403 49404 889016 49403->49404 49405 88948c 6 API calls 49404->49405 49406 889026 49405->49406 49549 88936e 6 API calls 49406->49549 49408 889031 49550 889693 6 API calls 49408->49550 49410 889040 49411 88aa0b RtlFreeHeap 49410->49411 49412 88905a 49411->49412 49413 88948c 6 API calls 49412->49413 49414 88906a 49413->49414 49551 88936e 6 API calls 49414->49551 49416 889075 49552 889693 6 API calls 49416->49552 49418 889084 49419 88aa0b RtlFreeHeap 49418->49419 49420 88909e 49419->49420 49421 88948c 6 API calls 49420->49421 49422 8890ae 49421->49422 49553 88936e 6 API calls 49422->49553 49424 8890b9 49554 889693 6 API calls 49424->49554 49426 8890c8 49427 88aa0b RtlFreeHeap 49426->49427 49427->49348 49429 89ae42 49428->49429 49430 88953c 2 API calls 49429->49430 49431 89ae58 49430->49431 49432 8895e9 5 API calls 49431->49432 49433 89ae80 49432->49433 49433->49032 49435 8a22c0 49434->49435 49436 88948c 6 API calls 49435->49436 49437 8a22e3 49436->49437 49438 88aa2d 2 API calls 49437->49438 49439 8a22fc 49438->49439 49853 896c39 49439->49853 49443 8a2339 49445 88aa0b RtlFreeHeap 49443->49445 49454 8a2376 49443->49454 49444 8a2332 49444->49443 49446 88a916 2 API calls 49444->49446 49447 8a24e7 49445->49447 49448 8a2370 49446->49448 49447->49086 49449 8a23bb 49448->49449 49451 8a239e 49448->49451 49448->49454 49891 8a2fcf RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49449->49891 49456 8a23b9 49451->49456 49890 8a2f13 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49451->49890 49453 8a24c5 49455 88aa0b RtlFreeHeap 49453->49455 49454->49086 49455->49443 49456->49453 49892 8eb928 ExitProcess GetPEB RtlFreeHeap GetPEB 49456->49892 49458 8a23f2 49458->49453 49893 8eb928 ExitProcess GetPEB RtlFreeHeap GetPEB 49458->49893 49460 8a242e 49460->49453 49894 8a2d56 6 API calls 49460->49894 49462 8a245d 49895 8a2e5a RtlFreeHeap RtlFreeHeap 49462->49895 49464 8a24ab 49466 88aa0b RtlFreeHeap 49464->49466 49465 8a247d 49465->49464 49467 8dd3d7 RtlFreeHeap 49465->49467 49468 8a24be 49466->49468 49467->49464 49896 89af37 6 API calls 49468->49896 49474 89fcaf 49470->49474 49471 89fd1f 49472 89fd37 FindCloseChangeNotification 49471->49472 49473 89fd40 49471->49473 49472->49473 49473->49100 49474->49471 49475 89fcef GetTokenInformation 49474->49475 49476 89fd06 49475->49476 49477 8dd3d7 RtlFreeHeap 49476->49477 49477->49471 49980 88c1cd 49478->49980 49481 88c1cd RtlFreeHeap 49482 8a1025 49481->49482 49985 8a0e2b 49482->49985 49484 8a1039 50001 8a09a0 49484->50001 49486 89c9c6 49487 8a06b1 49486->49487 49488 8a06f9 49487->49488 49489 8a06c1 RegOpenKeyExW 49487->49489 50045 8a053d 49488->50045 49489->49488 49491 8a06ea 49489->49491 49492 89defb 7 API calls 49491->49492 49493 89c9f8 49492->49493 49493->49106 49493->49107 50049 88cc46 49494->50049 49496 8a106b RegOpenKeyExW 49497 8a10a3 49496->49497 49498 8a1144 49496->49498 49499 8a06b1 9 API calls 49497->49499 49500 8a115d 49498->49500 49501 8dd3d7 RtlFreeHeap 49498->49501 49502 8a10c3 49499->49502 49500->49055 49501->49500 49502->49498 50051 89b9fe ExitProcess GetPEB RtlFreeHeap GetPEB 49502->50051 50052 8a3192 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49502->50052 49506 889498 49505->49506 49507 88a916 2 API calls 49506->49507 49508 8894a2 49507->49508 49510 8894cf 49508->49510 50053 88963a RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49508->50053 49510->48992 49511->49011 49513 88bd88 49512->49513 49514 88bd2a 49512->49514 49514->49513 49515 88a41f 5 API calls 49514->49515 49516 88bd5d 49515->49516 49517 88a457 4 API calls 49516->49517 49518 88bd74 49517->49518 49518->49027 49519->49111 49520->49061 49521->49065 49522->49069 49523->49077 49524->49085 49525->49089 49526->49306 49527->49308 49528->49306 49529->49332 49531 8a138b 49530->49531 49532 888a0a RegOpenKeyExW 49530->49532 49531->49532 49533 8a139a RegQueryValueExW 49531->49533 49532->49340 49532->49341 49534 8a13b8 49533->49534 49537 8a13ca 49533->49537 49535 8e1b84 2 API calls 49534->49535 49534->49537 49535->49537 49536 8dd3d7 RtlFreeHeap 49536->49532 49537->49532 49537->49536 49555 8c0790 49538->49555 49540 8b5ac4 49540->49371 49541->49347 49542->49355 49543->49365 49544->49353 49545->49371 49546->49398 49547->49397 49548->49402 49549->49408 49550->49410 49551->49416 49552->49418 49553->49424 49554->49426 49556 8c07cd 49555->49556 49557 88a916 2 API calls 49556->49557 49575 8c07d6 49556->49575 49558 8c0806 49557->49558 49559 88a916 2 API calls 49558->49559 49561 8c0f15 49558->49561 49560 8c0835 49559->49560 49560->49561 49562 88a916 2 API calls 49560->49562 49561->49540 49563 8c0861 49562->49563 49563->49561 49564 88a916 2 API calls 49563->49564 49565 8c088d 49564->49565 49565->49561 49576 8c0510 49565->49576 49567 8c08c7 49568 88a916 2 API calls 49567->49568 49569 8c08e8 49568->49569 49569->49561 49624 8c2350 49569->49624 49571 8c0a9f 49637 8c23c0 49571->49637 49573 8c0aaa 49689 8c2de0 49573->49689 49575->49540 49577 88a916 2 API calls 49576->49577 49578 8c0547 49577->49578 49579 88a916 2 API calls 49578->49579 49581 8c0727 49578->49581 49580 8c056f 49579->49580 49580->49581 49583 88a916 2 API calls 49580->49583 49582 88a916 2 API calls 49581->49582 49586 8c072d 49581->49586 49584 8c0806 49582->49584 49585 8c0594 49583->49585 49587 88a916 2 API calls 49584->49587 49591 8c0f15 49584->49591 49585->49581 49588 88a916 2 API calls 49585->49588 49586->49567 49589 8c0835 49587->49589 49590 8c05b9 49588->49590 49589->49591 49592 88a916 2 API calls 49589->49592 49590->49581 49593 88a916 2 API calls 49590->49593 49591->49567 49594 8c0861 49592->49594 49595 8c05de 49593->49595 49594->49591 49596 88a916 2 API calls 49594->49596 49595->49581 49597 88a916 2 API calls 49595->49597 49598 8c088d 49596->49598 49599 8c0603 49597->49599 49598->49591 49600 8c0510 22 API calls 49598->49600 49599->49581 49601 88a916 2 API calls 49599->49601 49602 8c08c7 49600->49602 49603 8c0628 49601->49603 49604 88a916 2 API calls 49602->49604 49603->49581 49605 88a916 2 API calls 49603->49605 49607 8c08e8 49604->49607 49606 8c064d 49605->49606 49606->49581 49608 88a916 2 API calls 49606->49608 49607->49591 49609 8c2350 20 API calls 49607->49609 49610 8c0672 49608->49610 49611 8c0a9f 49609->49611 49610->49581 49615 88a916 2 API calls 49610->49615 49612 8c23c0 9 API calls 49611->49612 49613 8c0aaa 49612->49613 49614 8c2de0 6 API calls 49613->49614 49614->49586 49616 8c0697 49615->49616 49616->49581 49617 88a916 2 API calls 49616->49617 49618 8c06bc 49617->49618 49618->49581 49619 88a916 2 API calls 49618->49619 49620 8c06e1 49619->49620 49620->49581 49621 88a916 2 API calls 49620->49621 49622 8c0706 49621->49622 49622->49581 49623 88a916 2 API calls 49622->49623 49623->49581 49625 8c2370 49624->49625 49626 8c2360 49624->49626 49697 8c13f0 49625->49697 49626->49571 49628 8c2379 49719 8c1760 49628->49719 49630 8c2393 49748 8c19e0 49630->49748 49632 8c239d 49770 8c1d00 49632->49770 49634 8c23a7 49792 8c1fc0 49634->49792 49636 8c23b1 49636->49571 49638 8c2430 49637->49638 49644 8c2459 49638->49644 49669 8c243e 49638->49669 49673 8c2533 49638->49673 49639 8dd3d7 RtlFreeHeap 49640 8c2d63 49639->49640 49641 8dd3d7 RtlFreeHeap 49640->49641 49642 8c2d6b 49641->49642 49643 8dd3d7 RtlFreeHeap 49642->49643 49645 8c2d73 49643->49645 49646 8c248d GetSystemFirmwareTable 49644->49646 49650 8c24f9 49644->49650 49645->49573 49647 8c2499 49646->49647 49646->49650 49648 8e1b84 2 API calls 49647->49648 49652 8c24ad 49648->49652 49649 88a916 2 API calls 49653 8c281b 49649->49653 49650->49649 49656 8c289c 49650->49656 49650->49669 49651 88a916 2 API calls 49687 8c2aeb 49651->49687 49655 8c24ef GetSystemFirmwareTable 49652->49655 49652->49669 49654 8c2dc9 49653->49654 49836 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49653->49836 49655->49650 49658 8c294b 49656->49658 49839 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49656->49839 49663 8c29eb 49658->49663 49658->49687 49840 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49658->49840 49661 8c2a09 49841 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49661->49841 49668 8c2a6d 49663->49668 49663->49687 49842 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49663->49842 49664 8c2a88 49843 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49664->49843 49666 8c2847 49666->49656 49837 8c3530 ExitProcess GetPEB RtlFreeHeap GetPEB 49666->49837 49668->49687 49844 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49668->49844 49669->49639 49672 8c2876 49672->49656 49838 8eb915 ExitProcess GetPEB RtlFreeHeap GetPEB 49672->49838 49673->49650 49681 8e1b84 2 API calls 49673->49681 49674 8c2b18 49845 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49674->49845 49677 8c2b9e 49677->49669 49679 8c2ce6 49677->49679 49846 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49677->49846 49679->49669 49847 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49679->49847 49681->49650 49682 8c2da8 49848 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49682->49848 49684 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49684->49687 49685 8c2db6 49849 8c22c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49685->49849 49687->49651 49687->49654 49687->49677 49687->49684 49688 8c31d0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49687->49688 49688->49687 49690 88a916 2 API calls 49689->49690 49696 8c2e1c 49690->49696 49692 8c2f82 49693 8c2fc0 49692->49693 49852 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49692->49852 49693->49575 49696->49692 49696->49693 49850 8ec382 ExitProcess GetPEB RtlFreeHeap GetPEB 49696->49850 49851 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49696->49851 49698 88a916 2 API calls 49697->49698 49699 8c142a 49698->49699 49700 88a916 2 API calls 49699->49700 49708 8c168b 49699->49708 49701 8c1452 49700->49701 49702 88a916 2 API calls 49701->49702 49701->49708 49703 8c1477 49702->49703 49706 8c14cb 49703->49706 49703->49708 49817 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49703->49817 49705 8c154e GetVolumePathNameW 49710 8c155f 49705->49710 49706->49705 49706->49708 49818 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49706->49818 49708->49628 49709 8c1548 49709->49705 49710->49708 49711 8c15bc GetVolumeNameForVolumeMountPointW 49710->49711 49819 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49710->49819 49717 8c15cd 49711->49717 49713 8c15b9 49713->49711 49714 8c1670 CreateFileW 49714->49708 49715 8c1695 DeviceIoControl 49714->49715 49715->49708 49716 8c165b 49716->49708 49716->49714 49717->49708 49717->49714 49717->49716 49820 88a3ca RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49717->49820 49720 88a916 2 API calls 49719->49720 49722 8c179c 49720->49722 49721 8c19ca 49722->49721 49723 88bd93 6 API calls 49722->49723 49724 8c17e4 CreateFileW 49723->49724 49725 8c1810 49724->49725 49730 8c1803 49724->49730 49726 8e1b84 2 API calls 49725->49726 49727 8c181a 49726->49727 49729 8c1838 DeviceIoControl 49727->49729 49727->49730 49728 8dd3d7 RtlFreeHeap 49731 8c198a 49728->49731 49729->49730 49732 8c186a 49729->49732 49730->49728 49731->49630 49732->49730 49733 8c1896 49732->49733 49735 8c1947 49732->49735 49734 88a916 2 API calls 49733->49734 49737 8c18a2 49734->49737 49825 8a2fcf RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49735->49825 49737->49721 49740 8c18e1 49737->49740 49821 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49737->49821 49738 8c196a 49826 8c3090 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49738->49826 49822 8c1280 ExitProcess GetPEB RtlFreeHeap GetPEB 49740->49822 49743 8c18ef 49743->49721 49823 8c32c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49743->49823 49745 8c191f 49745->49738 49746 8c1933 49745->49746 49824 8c3090 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49746->49824 49749 88a916 2 API calls 49748->49749 49750 8c1a37 49749->49750 49751 8c1cdf 49750->49751 49752 88a916 2 API calls 49750->49752 49753 8c1a87 49752->49753 49753->49751 49754 88bd93 6 API calls 49753->49754 49759 8c1aaa 49753->49759 49755 8c1ac5 CreateFileW 49754->49755 49757 8c1af7 DeviceIoControl 49755->49757 49755->49759 49756 8dd3d7 RtlFreeHeap 49760 8c1c7d 49756->49760 49758 8c1b25 49757->49758 49757->49759 49758->49759 49761 8e1b84 2 API calls 49758->49761 49759->49756 49760->49632 49762 8c1b54 49761->49762 49762->49759 49763 8c1b77 DeviceIoControl 49762->49763 49763->49759 49764 8c1bda 49763->49764 49766 8c1c1b 49764->49766 49827 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49764->49827 49766->49751 49828 8c3090 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49766->49828 49768 8c1c5d 49829 8c32c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49768->49829 49771 88a916 2 API calls 49770->49771 49772 8c1d56 49771->49772 49773 8c1f9e 49772->49773 49774 88a916 2 API calls 49772->49774 49775 8c1da6 49774->49775 49775->49773 49776 88bd93 6 API calls 49775->49776 49777 8c1dd0 49776->49777 49778 8c1e02 DeviceIoControl 49777->49778 49780 8c1df4 49777->49780 49779 8c1e30 49778->49779 49778->49780 49781 8e1b84 2 API calls 49779->49781 49782 8dd3d7 RtlFreeHeap 49780->49782 49783 8c1e3a 49781->49783 49785 8c1f3c 49782->49785 49783->49780 49784 8c1e5d DeviceIoControl 49783->49784 49784->49780 49786 8c1e99 49784->49786 49785->49634 49788 8c1eda 49786->49788 49830 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49786->49830 49788->49773 49831 8c3090 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49788->49831 49790 8c1f1c 49832 8c32c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49790->49832 49793 88a916 2 API calls 49792->49793 49794 8c1ffd 49793->49794 49795 8c22ab 49794->49795 49796 88a916 2 API calls 49794->49796 49797 8c202d 49796->49797 49797->49795 49798 88bd93 6 API calls 49797->49798 49799 8c2055 CreateFileW 49798->49799 49800 8c2087 49799->49800 49803 8c2079 49799->49803 49801 8e1b84 2 API calls 49800->49801 49802 8c208e 49801->49802 49802->49803 49804 8e1b84 2 API calls 49802->49804 49805 8dd3d7 RtlFreeHeap 49803->49805 49808 8c20ad 49804->49808 49806 8c2247 49805->49806 49807 8dd3d7 RtlFreeHeap 49806->49807 49809 8c224f 49807->49809 49808->49803 49810 8c2158 DeviceIoControl 49808->49810 49809->49636 49810->49808 49811 8c21a7 49810->49811 49813 8c21e7 49811->49813 49833 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49811->49833 49813->49795 49834 8c3090 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49813->49834 49815 8c2229 49835 8c32c0 RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49815->49835 49817->49706 49818->49709 49819->49713 49820->49716 49821->49740 49822->49743 49823->49745 49824->49730 49825->49738 49826->49730 49827->49766 49828->49768 49829->49759 49830->49788 49831->49790 49832->49780 49833->49813 49834->49815 49835->49803 49836->49666 49837->49672 49838->49656 49839->49658 49840->49661 49841->49663 49842->49664 49843->49668 49844->49674 49845->49687 49846->49679 49847->49682 49848->49685 49849->49669 49850->49696 49851->49696 49852->49693 49854 896c66 49853->49854 49855 896c46 49853->49855 49856 896c5f 49855->49856 49897 896d2f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 49855->49897 49858 8b50b0 49856->49858 49859 8b50cb 49858->49859 49860 89e3a4 7 API calls 49859->49860 49861 8b5129 49860->49861 49862 88aa2d 2 API calls 49861->49862 49863 8b518e 49862->49863 49864 88aa2d 2 API calls 49863->49864 49866 8b519d 49864->49866 49865 88aa0b RtlFreeHeap 49867 8b5913 49865->49867 49869 8b58ce 49866->49869 49872 8b5288 49866->49872 49878 8b52c3 49866->49878 49868 88aa0b RtlFreeHeap 49867->49868 49871 8b5926 49868->49871 49898 8b3fab 49869->49898 49874 89e418 7 API calls 49871->49874 49873 89defb 7 API calls 49872->49873 49876 8b5293 49873->49876 49875 8b5935 49874->49875 49875->49444 49876->49878 49881 8b52db 49876->49881 49962 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49876->49962 49878->49865 49879 8dd3d7 RtlFreeHeap 49879->49878 49880 8b54d5 49880->49879 49881->49878 49881->49880 49882 89cb18 5 API calls 49881->49882 49883 8b5608 49882->49883 49883->49880 49884 8b5788 49883->49884 49887 8b583a 49883->49887 49963 89d0c3 7 API calls 49884->49963 49886 89d2af 7 API calls 49886->49880 49887->49880 49887->49886 49888 8b579d 49888->49880 49964 89d2af 49888->49964 49890->49456 49891->49456 49892->49458 49893->49460 49894->49462 49895->49465 49896->49453 49897->49856 49899 8b3fc6 49898->49899 49900 89e3a4 7 API calls 49899->49900 49901 8b4031 49900->49901 49902 88aa2d 2 API calls 49901->49902 49903 8b40ae 49902->49903 49904 88aa2d 2 API calls 49903->49904 49905 8b40bf 49904->49905 49906 8b41d7 49905->49906 49907 8b41ca 49905->49907 49974 8b4dac 6 API calls 49905->49974 49911 88aa0b RtlFreeHeap 49906->49911 49907->49906 49908 8b42e4 49907->49908 49909 89defb 7 API calls 49907->49909 49908->49906 49913 8b4376 49908->49913 49919 8b4326 49908->49919 49909->49908 49912 8b424a 49911->49912 49914 88aa0b RtlFreeHeap 49912->49914 49976 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49913->49976 49916 8b425d 49914->49916 49917 89e418 7 API calls 49916->49917 49918 8b426c 49917->49918 49918->49878 49921 8b432b 49919->49921 49975 8ea907 ExitProcess GetPEB RtlFreeHeap GetPEB 49919->49975 49921->49906 49923 8b4496 49921->49923 49977 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49921->49977 49923->49906 49924 8b451b DnsQuery_W 49923->49924 49925 8b45f0 49923->49925 49924->49906 49934 8b453f 49924->49934 49926 89cb18 5 API calls 49925->49926 49927 8b4676 49925->49927 49926->49927 49928 8b46d3 49927->49928 49929 8b4701 49927->49929 49928->49906 49932 89defb 7 API calls 49928->49932 49930 89cb18 5 API calls 49929->49930 49931 8b4725 49930->49931 49933 88aa2d 2 API calls 49931->49933 49932->49906 49935 8b474a 49933->49935 49934->49906 49934->49925 49936 89cb18 5 API calls 49934->49936 49940 8b47ad 49935->49940 49945 8b47eb 49935->49945 49937 8b4614 49936->49937 49938 89cb18 5 API calls 49937->49938 49939 8b4624 49938->49939 49978 88a284 ExitProcess GetPEB RtlFreeHeap RtlAllocateHeap GetPEB 49939->49978 49941 8b47d1 49940->49941 49943 89defb 7 API calls 49940->49943 49942 88aa0b RtlFreeHeap 49941->49942 49942->49906 49943->49941 49945->49941 49948 8b48bf 49945->49948 49946 8b4956 49947 8b49ae 49946->49947 49949 89defb 7 API calls 49946->49949 49954 8b4a18 49947->49954 49959 8b4aa3 49947->49959 49979 89d0c3 7 API calls 49947->49979 49948->49946 49948->49947 49950 89defb 7 API calls 49948->49950 49949->49947 49950->49946 49952 8b49fb 49953 89defb 7 API calls 49952->49953 49952->49954 49953->49954 49956 89d2af 7 API calls 49954->49956 49954->49959 49955 89d2af 7 API calls 49955->49959 49956->49959 49957 89defb 7 API calls 49957->49959 49958 8b4bc9 49960 8b4bda 49958->49960 49961 89defb 7 API calls 49958->49961 49959->49955 49959->49957 49959->49958 49960->49960 49961->49960 49962->49881 49963->49888 49965 89d2bb 49964->49965 49966 89e3a4 7 API calls 49965->49966 49967 89d2dd 49966->49967 49970 8e1b84 2 API calls 49967->49970 49972 89d33e 49967->49972 49968 89e418 7 API calls 49969 89d53e 49968->49969 49969->49880 49973 89d3e4 49970->49973 49971 8dd3d7 RtlFreeHeap 49971->49972 49972->49968 49973->49971 49973->49972 49974->49907 49975->49921 49976->49921 49977->49923 49978->49925 49979->49952 49981 88c1f9 49980->49981 49982 88c222 49981->49982 49983 88c1cd RtlFreeHeap 49981->49983 50038 88c167 RtlFreeHeap 49981->50038 49982->49481 49983->49981 49986 8a0e37 49985->49986 49987 88948c 6 API calls 49986->49987 49988 8a0e4d 49987->49988 49989 88948c 6 API calls 49988->49989 49990 8a0e5d RegOpenKeyExW 49989->49990 49991 8a0fb2 49990->49991 49999 8a0e86 49990->49999 49993 8dd3d7 RtlFreeHeap 49991->49993 49994 8a0fce 49991->49994 49992 8a06b1 9 API calls 49992->49999 49993->49994 49994->49484 49995 88948c 6 API calls 49995->49999 49996 88aa0b RtlFreeHeap 49996->49999 49998 88a41f 5 API calls 49998->49999 49999->49991 49999->49992 49999->49995 49999->49996 49999->49998 50039 889d24 ExitProcess GetPEB RtlFreeHeap GetPEB 49999->50039 50040 8a0729 7 API calls 49999->50040 50002 8a09ac 50001->50002 50003 88aa2d 2 API calls 50002->50003 50004 8a09bc 50003->50004 50005 88bd93 6 API calls 50004->50005 50006 8a09d3 RegOpenKeyExW 50005->50006 50007 8a0df6 50006->50007 50008 8a09f6 50006->50008 50010 88aa0b RtlFreeHeap 50007->50010 50009 88aa2d 2 API calls 50008->50009 50014 8a0bf3 50008->50014 50011 8a0a18 50009->50011 50012 8a0e23 50010->50012 50013 88a41f 5 API calls 50011->50013 50012->49486 50034 8a0a42 50013->50034 50014->50007 50015 88aa2d 2 API calls 50014->50015 50016 8a0c31 50015->50016 50017 88a41f 5 API calls 50016->50017 50036 8a0c54 50017->50036 50018 8a0be3 50019 88aa0b RtlFreeHeap 50018->50019 50019->50014 50020 8a06b1 9 API calls 50020->50034 50021 88aa0b RtlFreeHeap 50021->50034 50022 8a0de8 50023 88aa0b RtlFreeHeap 50022->50023 50023->50007 50024 8a06b1 9 API calls 50024->50036 50025 8dd3d7 RtlFreeHeap 50025->50034 50026 88a41f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50026->50034 50027 88aa2d RtlFreeHeap RtlAllocateHeap 50027->50034 50028 8dd3d7 RtlFreeHeap 50028->50036 50029 88aa2d RtlFreeHeap RtlAllocateHeap 50029->50036 50030 88a41f RtlFreeHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50030->50036 50031 88aa0b RtlFreeHeap 50031->50036 50034->50018 50034->50020 50034->50021 50034->50025 50034->50026 50034->50027 50041 89b9fe ExitProcess GetPEB RtlFreeHeap GetPEB 50034->50041 50042 8a0729 7 API calls 50034->50042 50036->50022 50036->50024 50036->50028 50036->50029 50036->50030 50036->50031 50043 89b9fe ExitProcess GetPEB RtlFreeHeap GetPEB 50036->50043 50044 8a0729 7 API calls 50036->50044 50038->49981 50039->49999 50040->49999 50041->50034 50042->50034 50043->50036 50044->50036 50047 8a0565 50045->50047 50048 8a055d 50045->50048 50046 8a05a3 RegQueryValueExW 50046->50048 50047->50046 50047->50048 50048->49493 50050 88cc71 50049->50050 50050->49496 50051->49502 50052->49502 50053->49510 50055 8b754d 50054->50055 50059 8b7561 50055->50059 50060 8b7651 50055->50060 50069 8c3780 50055->50069 50059->49127 50081 8c5750 50060->50081 50061 8b7686 50084 8c5710 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50061->50084 50062 8b75ee 50062->50061 50064 8b75f7 50062->50064 50075 8b72b0 50064->50075 50066 8b7606 50066->50059 50067 8b762c FindCloseChangeNotification 50066->50067 50067->50059 50068 8b76a1 50068->49127 50070 8c378f 50069->50070 50085 8c36b0 50070->50085 50072 8c379c 50099 8c3860 50072->50099 50074 8b75d7 50074->50060 50074->50062 50076 8b741d 50075->50076 50108 8b5c20 50076->50108 50078 8b7438 50127 8b5f70 50078->50127 50080 8b7472 50182 8c5610 50081->50182 50083 8c5778 50083->50061 50084->50068 50086 8c36e0 50085->50086 50087 8c3739 50086->50087 50088 8c36e4 50086->50088 50092 8c5750 5 API calls 50087->50092 50089 8c371c 50088->50089 50090 8c36f6 CreateFileMappingW 50088->50090 50089->50072 50091 8c370e 50090->50091 50091->50089 50093 8c5750 5 API calls 50091->50093 50092->50091 50094 8c376f 50093->50094 50095 8c36b0 6 API calls 50094->50095 50096 8c379c 50095->50096 50097 8c3860 6 API calls 50096->50097 50098 8c37a6 50097->50098 50098->50072 50100 8c3935 50099->50100 50104 8c3894 50099->50104 50107 8c5710 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50100->50107 50102 8c392c 50103 8c5750 5 API calls 50102->50103 50106 8c390f 50103->50106 50104->50102 50105 8c38fd MapViewOfFile 50104->50105 50104->50106 50105->50102 50105->50106 50106->50074 50107->50102 50110 8b5c60 50108->50110 50109 8b5ebe 50120 8b5ddd 50109->50120 50159 8b7ad0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50109->50159 50110->50109 50111 8b5cf6 50110->50111 50110->50120 50115 8b5d12 50111->50115 50118 8b5de2 50111->50118 50111->50120 50113 8b5eed 50160 8b7a40 ExitProcess GetPEB RtlFreeHeap GetPEB 50113->50160 50115->50120 50157 8b7850 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50115->50157 50117 8b5f1e 50117->50078 50118->50120 50158 8b7850 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50118->50158 50120->50078 50121 8b5d7e 50121->50120 50161 8d873f ExitProcess GetPEB RtlFreeHeap GetPEB 50121->50161 50128 8b5fe8 50127->50128 50129 8b6125 50127->50129 50131 8b60d9 50128->50131 50132 8b5ff2 50128->50132 50130 8b6148 50129->50130 50162 8be880 50129->50162 50173 8b84a0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50130->50173 50171 8a3ade 7 API calls 50131->50171 50133 8b6015 50132->50133 50137 8be880 7 API calls 50132->50137 50168 8b84a0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50133->50168 50137->50133 50139 8b60e4 50172 8b6380 ExitProcess GetPEB RtlFreeHeap GetPEB 50139->50172 50141 8b6358 50178 8c5710 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50141->50178 50142 8b6353 50177 8d873f ExitProcess GetPEB RtlFreeHeap GetPEB 50142->50177 50143 8b62f9 50148 8b6327 50143->50148 50176 8d873f ExitProcess GetPEB RtlFreeHeap GetPEB 50143->50176 50147 8b6365 50148->50080 50149 8b6038 50169 8b82a0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50149->50169 50150 8b62d0 50175 8b7a40 ExitProcess GetPEB RtlFreeHeap GetPEB 50150->50175 50152 8b60a2 50152->50141 50152->50142 50152->50143 50174 8b7ad0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50152->50174 50153 8b6099 50170 8b6380 ExitProcess GetPEB RtlFreeHeap GetPEB 50153->50170 50157->50121 50158->50121 50159->50113 50160->50117 50163 8be88a 50162->50163 50167 8be8bd 50162->50167 50179 8be8f0 GetSystemInfo 50163->50179 50165 8be892 50181 8bf5f0 6 API calls 50165->50181 50167->50130 50168->50149 50169->50153 50170->50152 50171->50139 50172->50152 50173->50152 50174->50150 50175->50143 50178->50147 50180 8be959 50179->50180 50180->50165 50181->50167 50191 8d4a48 50182->50191 50185 8d4aab RtlFreeHeap 50187 8c5682 50185->50187 50188 8d4a48 5 API calls 50187->50188 50189 8c568c 50188->50189 50199 8d4aab 50189->50199 50190 8c56a6 50190->50083 50192 8c5668 50191->50192 50193 8d4a55 50191->50193 50192->50185 50192->50189 50193->50192 50194 8e1b84 2 API calls 50193->50194 50195 8d4a72 50194->50195 50196 8d4a82 50195->50196 50203 8eed57 ExitProcess GetPEB RtlFreeHeap GetPEB 50195->50203 50198 8dd3d7 RtlFreeHeap 50196->50198 50198->50192 50200 8d4ab8 50199->50200 50201 8d4abf 50199->50201 50202 8dd3d7 RtlFreeHeap 50200->50202 50201->50190 50202->50201 50203->50196 50205 88a6e2 50204->50205 50206 88a6d4 RtlFreeHeap 50204->50206 50205->49153 50206->50205 50207 8c5105 50208 8c511d 50207->50208 50209 8c5124 50208->50209 50210 8d3a91 2 API calls 50208->50210 50211 8c514c 50210->50211 50213 8c51c5 50211->50213 50233 8ebc63 ExitProcess GetPEB RtlFreeHeap GetPEB 50211->50233 50226 8c54e0 50213->50226 50215 8c51ef 50216 8c51fc 50215->50216 50217 8c5282 50215->50217 50219 8c5205 50216->50219 50234 8ed25a ExitProcess GetPEB RtlFreeHeap GetPEB 50216->50234 50230 8ed2a5 50217->50230 50235 8d3a3c ExitProcess GetPEB RtlFreeHeap GetPEB 50219->50235 50223 8c520e 50225 8c5290 50228 8c54f0 50226->50228 50227 8c5509 50227->50215 50228->50227 50237 8c52e0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50228->50237 50238 8ed08d 50230->50238 50233->50213 50234->50219 50235->50223 50236 8ed269 ExitProcess GetPEB RtlFreeHeap GetPEB 50236->50225 50237->50228 50239 8ed0ba 50238->50239 50245 8ecf55 50239->50245 50241 8ed103 50242 8c5288 50241->50242 50249 8ed124 50241->50249 50242->50236 50244 8ed11e 50246 8ecf61 50245->50246 50253 8ecfa2 50246->50253 50248 8ecf78 50248->50241 50258 8ed198 50249->50258 50251 8ed12e 50252 8ed14a ExitProcess 50251->50252 50255 8ecfae 50253->50255 50254 8ed015 50254->50248 50255->50254 50257 8edd7d RtlFreeHeap 50255->50257 50257->50254 50263 8f235f GetPEB 50258->50263 50260 8ed19d 50261 8ed1b4 50260->50261 50262 8ed1a2 GetPEB 50260->50262 50261->50251 50262->50261 50263->50260 50264 8c5241 50265 8c5249 50264->50265 50266 8c5258 50265->50266 50270 8ed24b ExitProcess GetPEB RtlFreeHeap GetPEB 50265->50270 50271 8ed269 ExitProcess GetPEB RtlFreeHeap GetPEB 50266->50271 50268 8c5290 50270->50266 50271->50268 50272 8b6e95 50281 8b7b60 50272->50281 50274 8b6ea0 50296 8b7750 50274->50296 50276 8b6fec 50279 8b70c5 50276->50279 50302 8b8720 50276->50302 50280 8b711a 50279->50280 50308 8b87b0 7 API calls 50279->50308 50282 8b7c88 50281->50282 50286 8b7b7b 50281->50286 50312 88c4b0 RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50282->50312 50284 8b7c83 50311 88a19b RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50284->50311 50286->50284 50288 8b7bc5 50286->50288 50291 8b7bec 50286->50291 50288->50284 50290 8b7bd0 50288->50290 50309 88a19b RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50290->50309 50294 8b7bd6 50291->50294 50310 88a19b RtlAllocateHeap ExitProcess GetPEB RtlFreeHeap GetPEB 50291->50310 50295 8b7c5b 50294->50295 50313 8d873f ExitProcess GetPEB RtlFreeHeap GetPEB 50294->50313 50295->50274 50297 8b776b 50296->50297 50298 8b777a 50296->50298 50297->50276 50299 8b7b60 5 API calls 50298->50299 50300 8b7798 50298->50300 50301 8b7791 50299->50301 50300->50276 50301->50276 50303 8b8781 50302->50303 50304 8b8773 50302->50304 50314 8b8ac0 50303->50314 50305 8be880 7 API calls 50304->50305 50305->50303 50307 8b879e 50307->50279 50308->50279 50309->50294 50310->50294 50311->50282 50312->50294 50316 8b8acd 50314->50316 50315 8b8c79 50315->50307 50316->50315 50319 8bb8d0 50316->50319 50318 8b8d9f 50318->50307 50320 8bb928 50319->50320 50321 8bb9b1 50319->50321 50320->50321 50323 8e1b84 2 API calls 50320->50323 50324 8ef49b 50320->50324 50321->50318 50323->50321 50325 8ef4d9 50324->50325 50329 8ef4a9 50324->50329 50330 8d882d RtlFreeHeap 50325->50330 50327 8ef4c4 RtlAllocateHeap 50328 8ef4d7 50327->50328 50327->50329 50328->50321 50329->50325 50329->50327 50330->50328

                                                                                                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                                                                                                Function 008C23C0 Relevance: 11.3, APIs: 2, Strings: 4, Instructions: 846COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemFirmwareTable.KERNELBASE ref: 008C248D
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FirmwareSystemTable
                                                                                                                                                                                                                                                                                                • String ID: ,$@$_DMI$_SM_
                                                                                                                                                                                                                                                                                                • API String ID: 3847969577-3608713239
                                                                                                                                                                                                                                                                                                • Opcode ID: 957b4ea39c13d881347a42ab67ff40dd832c3ec5329ffdaacdb8f503681d3476
                                                                                                                                                                                                                                                                                                • Instruction ID: 30b4a987df9f952ba2b35db64f9feffd53631b3156c3bee43ccc841192370d14
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 957b4ea39c13d881347a42ab67ff40dd832c3ec5329ffdaacdb8f503681d3476
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0C629A70E046598BDB25CFA8C840BADBBB5FF14318F28415DE446EB382D735E986CB91
                                                                                                                                                                                                                                                                                                Function 008B3FAB Relevance: 7.9, APIs: 1, Strings: 3, Instructions: 870networkCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DnsQuery_W.DNSAPI(?,00000001,00000000,00000000,?,00000000), ref: 008B4535
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Query_
                                                                                                                                                                                                                                                                                                • String ID: $2$<
                                                                                                                                                                                                                                                                                                • API String ID: 428220571-3520810159
                                                                                                                                                                                                                                                                                                • Opcode ID: a9b2b0682ea1332064a74623a4db5f8429b792de3bce9e6f1508b703a8e18ccb
                                                                                                                                                                                                                                                                                                • Instruction ID: e5e2376641009658a8cd9279cc95450eab0d70c958b756e5e42c52e030c53f61
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a9b2b0682ea1332064a74623a4db5f8429b792de3bce9e6f1508b703a8e18ccb
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 85628371915229AEDF36DB64CC46BEAB7BCFB44300F0450EAE419E2251DBB09F849F51
                                                                                                                                                                                                                                                                                                Function 0088897B Relevance: 11.0, APIs: 7, Instructions: 498registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 274 88897b-8889b4 call 8d4371 call 88aa2d 279 8889b6-8889e2 call 88a5c2 274->279 280 8889e7-888a37 call 88a5c2 * 2 call 8a1346 RegOpenKeyExW 274->280 279->280 289 888a88 280->289 290 888a39-888a76 RegQueryValueExW 280->290 292 888a8d-888a96 289->292 291 888a78-888a86 call 88a5c2 290->291 290->292 291->292 294 888b5a-888b63 292->294 295 888a9c-888aaf call 888890 292->295 297 888b69-888b8d call 889396 call 8894f2 294->297 298 8890e4-8890e9 call 89defb 294->298 303 888ab1 295->303 304 888ab3-888ad6 call 88a5c2 call 88ab09 call 89facf 295->304 317 888b8f-888b92 call 889414 297->317 318 888b97-888bdc call 88943e RegQueryValueExW 297->318 305 8890ee 298->305 303->304 332 888ad8-888adf call 88a2b2 304->332 333 888ae1-888ae8 304->333 308 8890ef-8890f6 305->308 311 8890f8-8890fe 308->311 312 889105-88910c 308->312 311->312 315 88911a-889137 call 88aa0b call 8d42c3 312->315 316 88910e-889114 RegCloseKey 312->316 316->315 317->318 326 888bde-888c01 318->326 327 888c03-888c28 call 88a5c2 318->327 326->327 338 888c4d-888c61 326->338 345 888c2a-888c3a 327->345 346 888c3c-888c48 call 88943e 327->346 332->294 333->294 337 888aea-888b1b 333->337 343 888b1d-888b2f call 89defb 337->343 344 888b34-888b4e 337->344 347 888cd1-888cec call 8b5a80 338->347 348 888c63-888c76 338->348 343->305 344->294 345->338 346->338 358 888cee-888cf7 347->358 355 888c78-888c7d 348->355 356 888c7f-888c99 348->356 355->347 355->356 356->347 366 888c9b-888cc5 call 88a5c2 356->366 359 888cf9-888d21 call 88a284 358->359 360 888d23-888d48 call 88a5c2 358->360 359->358 370 888d4a-888d60 call 88a5c2 360->370 371 888d67-888daf RegQueryValueExW 360->371 366->347 370->371 375 888dbc-888de4 call 889299 call 8a21d1 371->375 376 888db1-888db7 371->376 384 888de9-888deb 375->384 378 888e8f-888e94 376->378 380 888e99-888ec8 RegQueryValueExW 378->380 382 888eda-888f02 380->382 383 888eca-888ed5 380->383 385 888f04-888f3c RegQueryValueExW 382->385 383->382 386 888ded-888e25 call 889299 call 8a21d1 384->386 387 888e27 384->387 388 888f3e-888f6a call 88948c call 88930a 385->388 389 888fa7-888fab 385->389 386->387 393 888e2e-888e3c 386->393 387->393 412 888f6c 388->412 413 888f96-888fa2 call 88aa0b 388->413 389->385 390 888fb1-8890e2 call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b 389->390 390->308 397 888e5e-888e63 393->397 398 888e3e-888e58 call 88aa0b 393->398 403 888e7f-888e86 397->403 404 888e65-888e7a call 88aa0b 397->404 398->397 403->380 406 888e88 403->406 404->403 406->378 416 889138-889142 call 88a64c 412->416 417 888f72-888f76 412->417 413->389 417->413 420 888f78-888f90 417->420 420->413
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,?,0090E67C,0090E660,0000025C,0089BFA9), ref: 00888A29
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090EB74,00000000,00000000,?,00000208), ref: 00888A69
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E740,00000000,00000000,?,00000208), ref: 00888BD4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E660,00000000,00000000,?,00000004), ref: 00888DA7
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E67C,00000000,00000000,?,00000004), ref: 00888EC4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E79C,00000000,00000000,?,00000208), ref: 00888F38
                                                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 00889114
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: QueryValue$CloseOpen
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1586453840-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 469c1bd86e698681aa339578b3b5ad27995b174693fac251916d292d3d8bafcf
                                                                                                                                                                                                                                                                                                • Instruction ID: 693898f31e532e9684172fd23290ed7d8a8c624ed0579fcaf36c8b54bdeafa70
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 469c1bd86e698681aa339578b3b5ad27995b174693fac251916d292d3d8bafcf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 18226D70915219EEDB24FBA8DC99BADBBB9FF44304F504099E109E72A1DB309E84DF11
                                                                                                                                                                                                                                                                                                Function 0089BA23 Relevance: 9.8, APIs: 4, Strings: 1, Instructions: 1081COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetDateFormatW.KERNELBASE(00000000,00000000,?,0091178C,00000000,00000040,00000040), ref: 0089BAF1
                                                                                                                                                                                                                                                                                                • GetNativeSystemInfo.KERNELBASE(00927674,?,000002B4,0088B7BE), ref: 0089BB85
                                                                                                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: DateFormatInfoNativeSystem
                                                                                                                                                                                                                                                                                                • String ID: B
                                                                                                                                                                                                                                                                                                • API String ID: 3865870426-1255198513
                                                                                                                                                                                                                                                                                                • Opcode ID: a8c2a1ef3e52be0b018b4e4845c16a432c87e25510250007110382f194850414
                                                                                                                                                                                                                                                                                                • Instruction ID: 629598cdb790054314322e8ec5a89f090b5408c831564ecb729b141ac015ccd6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: a8c2a1ef3e52be0b018b4e4845c16a432c87e25510250007110382f194850414
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 82920F30A09259AADF28FBA8DD49BADB7B4FF50308F1440E9E005E61E1DB315E85DF16
                                                                                                                                                                                                                                                                                                Function 008C13F0 Relevance: 6.3, APIs: 4, Instructions: 282fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 1225 8c13f0-8c142c call 88a916 1228 8c1749-8c174e call 88a64c 1225->1228 1229 8c1432-8c1454 call 88a916 1225->1229 1232 8c1753-8c175f call 88a64c 1228->1232 1229->1228 1237 8c145a-8c1479 call 88a916 1229->1237 1237->1228 1241 8c147f-8c14bc 1237->1241 1243 8c14ce-8c14dc 1241->1243 1244 8c14be-8c14cb call 88a3ca 1241->1244 1248 8c14de-8c14e9 1243->1248 1249 8c14eb-8c14ed 1243->1249 1244->1243 1250 8c14f0-8c1503 call 8decf2 1248->1250 1249->1250 1250->1232 1254 8c1509-8c150f 1250->1254 1254->1232 1255 8c1515-8c1520 1254->1255 1256 8c1526-8c1539 1255->1256 1257 8c16d3-8c16e7 1255->1257 1260 8c154e-8c155d GetVolumePathNameW 1256->1260 1261 8c153b-8c154b call 88a3ca 1256->1261 1258 8c16e9-8c16ec 1257->1258 1259 8c16f1-8c1702 1257->1259 1258->1259 1264 8c170c-8c1721 1259->1264 1265 8c1704-8c1707 1259->1265 1262 8c155f-8c1567 1260->1262 1263 8c156a-8c1578 call 8decf2 1260->1263 1261->1260 1262->1263 1263->1232 1274 8c157e-8c1581 1263->1274 1268 8c172b-8c1748 call 8d360d 1264->1268 1269 8c1723-8c1726 1264->1269 1265->1264 1269->1268 1274->1232 1276 8c1587-8c1592 1274->1276 1276->1257 1277 8c1598-8c15aa 1276->1277 1278 8c15bc-8c15cb GetVolumeNameForVolumeMountPointW 1277->1278 1279 8c15ac-8c15b9 call 88a3ca 1277->1279 1281 8c15cd-8c15d5 1278->1281 1282 8c15d8-8c15e6 call 8decf2 1278->1282 1279->1278 1281->1282 1282->1232 1287 8c15ec-8c15ef 1282->1287 1287->1232 1288 8c15f5-8c1600 1287->1288 1288->1257 1289 8c1606-8c160e 1288->1289 1290 8c1670-8c1689 CreateFileW 1289->1290 1291 8c1610 1289->1291 1292 8c168b-8c1693 1290->1292 1293 8c1695-8c16b3 DeviceIoControl 1290->1293 1294 8c1612-8c1616 1291->1294 1292->1257 1295 8c16bf-8c16c8 1293->1295 1296 8c16b5-8c16bd 1293->1296 1297 8c1618-8c1621 1294->1297 1298 8c1623 1294->1298 1301 8c16ca 1295->1301 1296->1301 1300 8c1625-8c1631 1297->1300 1298->1300 1300->1294 1303 8c1633-8c1635 1300->1303 1301->1257 1303->1290 1304 8c1637-8c163b 1303->1304 1304->1232 1305 8c1641-8c1650 1304->1305 1306 8c165e-8c1661 1305->1306 1307 8c1652-8c165b call 88a3ca 1305->1307 1306->1232 1309 8c1667-8c166c 1306->1309 1307->1306 1309->1290
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetVolumePathNameW.KERNELBASE(00000000,00000010,00000104,00000000,?,?,0090184D), ref: 008C1555
                                                                                                                                                                                                                                                                                                • GetVolumeNameForVolumeMountPointW.KERNELBASE(00000010,00000010,00000104,?,?,?,?,?,0090184D), ref: 008C15C3
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000010,00000000,00000003,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,0090184D), ref: 008C167D
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNELBASE(00000000,002D1080,00000000,00000000,?,0000000C,00000000,00000000,?,?,?,?,?,?,?,0090184D), ref: 008C16AB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Volume$Name$ControlCreateDeviceFileMountPathPoint
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1837786492-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 5cf417c8b182c4da19d951ab6905a5ed7ab57093b35a92ac7f70effb8557d554
                                                                                                                                                                                                                                                                                                • Instruction ID: 998cb31cfa1a8a1eff20648637d6b1bf5ee6b1c5b3b814602ee69d64d0c1e333
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 5cf417c8b182c4da19d951ab6905a5ed7ab57093b35a92ac7f70effb8557d554
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: A7B16B70A002069FDB14DFA9C989FAEBBB5FF59310F14862DE901EB391EB7499408B51
                                                                                                                                                                                                                                                                                                Function 00888D72 Relevance: 6.2, APIs: 4, Instructions: 180registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 1311 888d72-888d7c 1312 888d82-888daf RegQueryValueExW 1311->1312 1313 888dbc-888dc9 call 889299 1312->1313 1314 888db1-888db7 1312->1314 1317 888dce-888de4 call 8a21d1 1313->1317 1316 888e8f-888e94 1314->1316 1318 888e99-888ec8 RegQueryValueExW 1316->1318 1322 888de9-888deb 1317->1322 1320 888eda-888f02 1318->1320 1321 888eca-888ed5 1318->1321 1323 888f04-888f3c RegQueryValueExW 1320->1323 1321->1320 1324 888ded-888e25 call 889299 call 8a21d1 1322->1324 1325 888e27 1322->1325 1326 888f3e-888f6a call 88948c call 88930a 1323->1326 1327 888fa7-888fab 1323->1327 1324->1325 1331 888e2e-888e3c 1324->1331 1325->1331 1350 888f6c 1326->1350 1351 888f96-888fa2 call 88aa0b 1326->1351 1327->1323 1328 888fb1-8890f6 call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b call 88948c call 88936e call 889693 call 88aa0b 1327->1328 1387 8890f8-8890fe 1328->1387 1388 889105-88910c 1328->1388 1335 888e5e-888e63 1331->1335 1336 888e3e-888e58 call 88aa0b 1331->1336 1341 888e7f-888e86 1335->1341 1342 888e65-888e7a call 88aa0b 1335->1342 1336->1335 1341->1318 1344 888e88 1341->1344 1342->1341 1344->1316 1354 889138-889142 call 88a64c 1350->1354 1355 888f72-888f76 1350->1355 1351->1327 1355->1351 1358 888f78-888f90 1355->1358 1358->1351 1387->1388 1389 88911a-889137 call 88aa0b call 8d42c3 1388->1389 1390 88910e-889114 RegCloseKey 1388->1390 1390->1389
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E660,00000000,00000000,?,00000004), ref: 00888DA7
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E67C,00000000,00000000,?,00000004), ref: 00888EC4
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,0090E79C,00000000,00000000,?,00000208), ref: 00888F38
                                                                                                                                                                                                                                                                                                • RegCloseKey.KERNELBASE(00000000), ref: 00889114
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: QueryValue$Close
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1979452859-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 30f3bf5c72c692f652cf4bc5762dc225531dba00c9515f36ad0da6223ad10e2c
                                                                                                                                                                                                                                                                                                • Instruction ID: 3cde1d7b1aad456e8b85ed4a1c6fc3ee9d68e2dee8f2e701bf246d32f5aab51f
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 30f3bf5c72c692f652cf4bc5762dc225531dba00c9515f36ad0da6223ad10e2c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: EB817A30905268DECB25EB68CD98BADBBB9FB44304F1440D9E109E72A1DB309F89CF55
                                                                                                                                                                                                                                                                                                Function 008C19E0 Relevance: 4.8, APIs: 3, Instructions: 260fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 1573 8c19e0-8c1a3b call 88a916 1576 8c1cdf-8c1ce4 call 88a64c 1573->1576 1577 8c1a41-8c1a8b call 88a916 1573->1577 1579 8c1ce9-8c1cf3 call 88a64c 1576->1579 1577->1576 1585 8c1a91-8c1aa8 1577->1585 1587 8c1aaa-8c1ab1 1585->1587 1588 8c1ab6-8c1ae7 call 88bd93 CreateFileW 1585->1588 1589 8c1c75-8c1c94 call 8dd3d7 1587->1589 1593 8c1ae9-8c1af2 1588->1593 1594 8c1af7-8c1b15 DeviceIoControl 1588->1594 1598 8c1c96-8c1c9b 1589->1598 1599 8c1ca0-8c1cb2 1589->1599 1593->1589 1596 8c1b25-8c1b2a 1594->1596 1597 8c1b17-8c1b20 1594->1597 1601 8c1b2c-8c1b33 1596->1601 1602 8c1b38-8c1b5c call 8e1b84 1596->1602 1607 8c1c6c 1597->1607 1598->1599 1603 8c1cbe-8c1cde call 8d360d 1599->1603 1604 8c1cb4-8c1cb9 1599->1604 1601->1607 1611 8c1b5e-8c1b65 1602->1611 1612 8c1b6a-8c1bca call 8d57e0 DeviceIoControl 1602->1612 1604->1603 1607->1589 1611->1607 1615 8c1bcc-8c1bd5 1612->1615 1616 8c1bda-8c1be0 1612->1616 1615->1607 1617 8c1be2-8c1bf7 1616->1617 1617->1617 1619 8c1bf9-8c1c0f 1617->1619 1620 8c1c1e-8c1c3f call 8ec130 call 8debd0 1619->1620 1621 8c1c11-8c1c1b call 896d2f 1619->1621 1620->1579 1628 8c1c45-8c1c48 1620->1628 1621->1620 1628->1579 1629 8c1c4e-8c1c69 call 8c3090 call 8c32c0 1628->1629 1629->1607
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 008C1ADB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 558704cd5329af1e0e882a12f6c75aaa3b0debf9ce177303a2a9b3763942a493
                                                                                                                                                                                                                                                                                                • Instruction ID: a8aa9769fbc9a18bc9baa8dbb5067997ce990755b8e36aa1b02b4ec3e77d88d2
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 558704cd5329af1e0e882a12f6c75aaa3b0debf9ce177303a2a9b3763942a493
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 54A1DE71D043489FEF10DFA8C889BAEBBB4FF05714F10821DE515AB282E770AA05CB91
                                                                                                                                                                                                                                                                                                Function 0088B043 Relevance: 3.7, APIs: 2, Instructions: 720COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 43b0930a4cc225ef4929af59031a53364e2a09fb647123fd36875cb41a98961f
                                                                                                                                                                                                                                                                                                • Instruction ID: 3f72dedf88259bd5df3f5b2f061a055df403eb164753f69e88407ca0f5a1047e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 43b0930a4cc225ef4929af59031a53364e2a09fb647123fd36875cb41a98961f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: E342E4309083569FDF25FBA8C856BAD7BA1FF92314F14416AE400EB2E3DB716901DB16
                                                                                                                                                                                                                                                                                                Function 008C1D00 Relevance: 3.2, APIs: 2, Instructions: 232COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2013 8c1d00-8c1d5a call 88a916 2016 8c1f9e-8c1fa3 call 88a64c 2013->2016 2017 8c1d60-8c1daa call 88a916 2013->2017 2019 8c1fa8-8c1fb2 call 88a64c 2016->2019 2017->2016 2025 8c1db0-8c1df2 call 88bd93 2017->2025 2030 8c1df4-8c1dfd 2025->2030 2031 8c1e02-8c1e20 DeviceIoControl 2025->2031 2036 8c1f34-8c1f53 call 8dd3d7 2030->2036 2032 8c1e30-8c1e42 call 8e1b84 2031->2032 2033 8c1e22-8c1e2b 2031->2033 2039 8c1e44-8c1e4b 2032->2039 2040 8c1e50-8c1e89 call 8d57e0 DeviceIoControl 2032->2040 2042 8c1f2b 2033->2042 2046 8c1f5f-8c1f71 2036->2046 2047 8c1f55-8c1f5a 2036->2047 2039->2042 2050 8c1e99-8c1e9f 2040->2050 2051 8c1e8b-8c1e94 2040->2051 2042->2036 2048 8c1f7d-8c1f9d call 8d360d 2046->2048 2049 8c1f73-8c1f78 2046->2049 2047->2046 2049->2048 2053 8c1ea1-8c1eb6 2050->2053 2051->2042 2053->2053 2056 8c1eb8-8c1ece 2053->2056 2057 8c1edd-8c1efe call 8ec130 call 8debd0 2056->2057 2058 8c1ed0-8c1eda call 896d2f 2056->2058 2057->2019 2065 8c1f04-8c1f07 2057->2065 2058->2057 2065->2019 2066 8c1f0d-8c1f28 call 8c3090 call 8c32c0 2065->2066 2066->2042
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • DeviceIoControl.KERNELBASE(00000000,00074080,00000000,00000000,?,00000018,00000000,00000000), ref: 008C1E18
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ControlDevice
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2352790924-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 3885be6d0c1ee9be2097574fe8505a3194ad4b059774e6468b2fc36a93e73c3d
                                                                                                                                                                                                                                                                                                • Instruction ID: dd1c85ea28774144c8ea56157a63a4158020ef8547bcf29408c9bb0ab7c1edf6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 3885be6d0c1ee9be2097574fe8505a3194ad4b059774e6468b2fc36a93e73c3d
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: CF81B271D043099FEB10DBA8CC49BAEBBB4FF55714F14821DE915EB291DB70A940CB91
                                                                                                                                                                                                                                                                                                Function 008C1FC0 Relevance: 3.2, APIs: 2, Instructions: 225fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2071 8c1fc0-8c2001 call 88a916 2074 8c22ab-8c22b0 call 88a64c 2071->2074 2075 8c2007-8c2031 call 88a916 2071->2075 2077 8c22b5-8c22bf call 88a64c 2074->2077 2075->2074 2083 8c2037-8c2077 call 88bd93 CreateFileW 2075->2083 2087 8c2079-8c2082 2083->2087 2088 8c2087-8c2095 call 8e1b84 2083->2088 2092 8c2241-8c2266 call 8dd3d7 * 2 2087->2092 2093 8c2097-8c209e 2088->2093 2094 8c20a3-8c20b5 call 8e1b84 2088->2094 2106 8c2268-8c226b 2092->2106 2107 8c2270-8c2282 2092->2107 2095 8c2238 2093->2095 2100 8c20b7-8c20be 2094->2100 2101 8c20c3-8c20c7 2094->2101 2095->2092 2100->2095 2103 8c20d3-8c2187 call 8d57e0 call 8ec130 DeviceIoControl 2101->2103 2115 8c2189-8c219c 2103->2115 2116 8c21a7-8c21ac 2103->2116 2106->2107 2109 8c228c-8c22aa call 8d360d 2107->2109 2110 8c2284-8c2287 2107->2110 2110->2109 2120 8c20d0 2115->2120 2121 8c21a2 2115->2121 2117 8c21b0-8c21c6 2116->2117 2117->2117 2119 8c21c8-8c21db 2117->2119 2122 8c21dd-8c21e7 call 896d2f 2119->2122 2123 8c21ea-8c220b call 8ec130 call 8debd0 2119->2123 2120->2103 2121->2095 2122->2123 2123->2077 2130 8c2211-8c2214 2123->2130 2130->2077 2131 8c221a-8c2235 call 8c3090 call 8c32c0 2130->2131 2131->2095
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,C0000000,00000003,00000000,00000003,00000000,00000000), ref: 008C206B
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9a1fcf8de1bc978d20a9dcdf94ddd31431d443adbf374979a71bbe8223f59c9a
                                                                                                                                                                                                                                                                                                • Instruction ID: df74d4e6c6531909a032af34774280dac5d35e18d534641faa601a12c6bcce46
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9a1fcf8de1bc978d20a9dcdf94ddd31431d443adbf374979a71bbe8223f59c9a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 73917FB09042499FEB11DFA8C885B9EBBF4FF09314F148159E915EB382D775DA04CBA2
                                                                                                                                                                                                                                                                                                Function 008C1760 Relevance: 3.2, APIs: 2, Instructions: 210fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2136 8c1760-8c17a0 call 88a916 2139 8c19ca-8c19cf call 88a64c 2136->2139 2140 8c17a6-8c1801 call 88bd93 CreateFileW 2136->2140 2142 8c19d4-8c19df call 88a64c 2139->2142 2149 8c1810-8c1821 call 8e1b84 2140->2149 2150 8c1803-8c180b 2140->2150 2155 8c182b-8c185b call 8d57e0 DeviceIoControl 2149->2155 2156 8c1823-8c1826 2149->2156 2154 8c1984-8c19a2 call 8dd3d7 2150->2154 2162 8c19ac-8c19c9 call 8d360d 2154->2162 2163 8c19a4-8c19a7 2154->2163 2164 8c185d-8c1865 2155->2164 2165 8c186a-8c186f 2155->2165 2157 8c197b 2156->2157 2157->2154 2163->2162 2164->2157 2166 8c1875-8c1878 2165->2166 2167 8c1976 2165->2167 2166->2167 2170 8c187e-8c1883 2166->2170 2167->2157 2172 8c1889 2170->2172 2173 8c1947-8c194c 2170->2173 2174 8c188b-8c1890 2172->2174 2175 8c1896-8c18a4 call 88a916 2172->2175 2176 8c194e-8c1950 2173->2176 2177 8c1952-8c1954 2173->2177 2174->2173 2174->2175 2175->2139 2185 8c18aa-8c18c1 2175->2185 2179 8c1960-8c1965 call 8a2fcf 2176->2179 2180 8c1957-8c195c 2177->2180 2184 8c196a-8c1974 call 8c3090 2179->2184 2180->2180 2181 8c195e 2180->2181 2181->2179 2184->2157 2185->2142 2189 8c18c7-8c18d6 2185->2189 2190 8c18d8-8c18e1 call 896d2f 2189->2190 2191 8c18e4-8c18fd call 8c1280 call 8debd0 2189->2191 2190->2191 2191->2142 2198 8c1903-8c1906 2191->2198 2198->2142 2199 8c190c-8c1931 call 8c32c0 2198->2199 2199->2184 2202 8c1933-8c1945 call 8c3090 2199->2202 2202->2157
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(00000000,00000000,00000003,00000000,00000003,00000000,00000000,?,00000000), ref: 008C17F3
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6a6f4a97cbcdd7b009b9ad513ae1c92c1180c105926bdc61bb349e5b45625062
                                                                                                                                                                                                                                                                                                • Instruction ID: a01737868d32703576b19413cc3292213873e37cdb821ff822817a8a2c273781
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6a6f4a97cbcdd7b009b9ad513ae1c92c1180c105926bdc61bb349e5b45625062
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 9A71A2719042099FDF14DBA8C899FAEBBB4FF46314F14822DE911E7282DB70DD058BA1
                                                                                                                                                                                                                                                                                                Function 008A1346 Relevance: 3.2, APIs: 2, Instructions: 200registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2206 8a1346-8a1385 RegOpenKeyExW 2207 8a138b-8a1390 2206->2207 2208 8a154d 2206->2208 2210 8a139a-8a13b6 RegQueryValueExW 2207->2210 2211 8a1392-8a1395 2207->2211 2209 8a1550-8a1552 2208->2209 2212 8a155b-8a1561 2209->2212 2213 8a1554 2209->2213 2214 8a13b8-8a13bc 2210->2214 2215 8a142e-8a1432 2210->2215 2211->2209 2213->2212 2214->2215 2217 8a13be-8a13cf call 8e1b84 2214->2217 2216 8a1434-8a143d 2215->2216 2218 8a1542-8a1544 2216->2218 2219 8a1443 2216->2219 2226 8a13d9-8a1404 call 8d57e0 2217->2226 2227 8a13d1-8a13d4 2217->2227 2218->2208 2222 8a1546-8a154c call 8dd3d7 2218->2222 2221 8a1446-8a144e 2219->2221 2224 8a1451-8a145b 2221->2224 2222->2208 2224->2224 2228 8a145d-8a146f 2224->2228 2226->2222 2235 8a140a-8a140f 2226->2235 2227->2208 2232 8a1472-8a1483 2228->2232 2239 8a14ca-8a14d0 2232->2239 2240 8a1485-8a1488 2232->2240 2237 8a1411-8a1412 2235->2237 2238 8a1415-8a141b 2235->2238 2237->2238 2241 8a1429-8a142c 2238->2241 2242 8a141d-8a1427 2238->2242 2245 8a14d3-8a14f7 call 8d5260 2239->2245 2243 8a148a-8a148d 2240->2243 2244 8a148f-8a14a1 2240->2244 2241->2216 2242->2241 2242->2242 2243->2244 2247 8a14a3-8a14ac 2243->2247 2244->2232 2244->2247 2250 8a14fa-8a14fc 2245->2250 2247->2239 2253 8a14ae-8a14b1 2247->2253 2250->2221 2252 8a1502-8a1506 2250->2252 2252->2218 2254 8a1508-8a150a 2252->2254 2253->2239 2255 8a14b3-8a14be 2253->2255 2256 8a151c-8a1537 2254->2256 2257 8a150c-8a151a 2254->2257 2255->2245 2258 8a14c0-8a14c8 2255->2258 2260 8a1540 2256->2260 2257->2260 2258->2250 2260->2218
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,?), ref: 008A137B
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,009125E4,00000000,?,00000000,?), ref: 008A13B2
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: OpenQueryValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 4153817207-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 7a99f92b58f181cdcff3b0ff50842b55906e282ba283adfabeeb5cac565461b0
                                                                                                                                                                                                                                                                                                • Instruction ID: 9054a49a40b86933c13840530ffcf4f8ce989033bc56d29d3533df9a2756cb4a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 7a99f92b58f181cdcff3b0ff50842b55906e282ba283adfabeeb5cac565461b0
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: FA61AF71E01219AFEF15DFA8DC88ABEBBBAFF49314F144069E402E7610E7709E418B54
                                                                                                                                                                                                                                                                                                Function 0089FC7B Relevance: 3.1, APIs: 2, Instructions: 90COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2261 89fc7b-89fcb8 2264 89fcba-89fcd8 2261->2264 2265 89fd21-89fd24 2261->2265 2272 89fcda-89fced call 8ea83a 2264->2272 2273 89fd20 2264->2273 2266 89fd32-89fd35 2265->2266 2267 89fd26-89fd2f 2265->2267 2269 89fd40-89fd4f call 8d360d 2266->2269 2270 89fd37-89fd3a FindCloseChangeNotification 2266->2270 2267->2266 2270->2269 2272->2273 2278 89fcef-89fd04 GetTokenInformation 2272->2278 2273->2265 2279 89fd19-89fd1f call 8dd3d7 2278->2279 2280 89fd06-89fd16 2278->2280 2279->2273 2280->2279
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetTokenInformation.KERNELBASE(?,00000001,00000000,?,?), ref: 0089FCFC
                                                                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(?), ref: 0089FD3A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ChangeCloseFindInformationNotificationToken
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 584730905-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9c209f8ef10ff2b563625f7d7f78a7f68c1a738ab5ff01a783f5dd7fd17513a6
                                                                                                                                                                                                                                                                                                • Instruction ID: 84b7eac5673ecee335dcc9e1e6233b749de891cf4696bfab7cd29dd860f664eb
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9c209f8ef10ff2b563625f7d7f78a7f68c1a738ab5ff01a783f5dd7fd17513a6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: F8216B71A11219AFEF109FA5DC89ABFBBBCFF04710F144429EA01E2151D7318A00DBA0
                                                                                                                                                                                                                                                                                                Function 008A21D1 Relevance: 3.1, APIs: 2, Instructions: 84COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2284 8a21d1-8a21ec 2285 8a21f2-8a21f5 2284->2285 2286 8a22a7 2284->2286 2285->2286 2287 8a21fb-8a21fd 2285->2287 2288 8a22a9 2286->2288 2287->2286 2289 8a2203-8a2213 GetFileVersionInfoSizeW 2287->2289 2290 8a22aa-8a22b0 2288->2290 2291 8a2222-8a222d call 8e1b84 2289->2291 2292 8a2215-8a221d 2289->2292 2296 8a222f-8a2231 2291->2296 2297 8a2233-8a224e call 8d57e0 GetFileVersionInfoW 2291->2297 2292->2290 2296->2288 2300 8a225a-8a2270 2297->2300 2301 8a2250-8a2258 2297->2301 2305 8a2279-8a229a 2300->2305 2306 8a2272-8a2277 2300->2306 2304 8a229e-8a22a5 call 8dd3d7 2301->2304 2304->2290 2305->2304 2306->2304
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 008A2208
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileInfoSizeVersion
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1661704012-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e1dd72f5eb557216f45c87ed42d4afb52775dcf9f6372a1269f1016cea84ce2c
                                                                                                                                                                                                                                                                                                • Instruction ID: 91a3eddc01f23b8401cf6d60a0cc3657de92d8aa54202d8d32176785c8705946
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e1dd72f5eb557216f45c87ed42d4afb52775dcf9f6372a1269f1016cea84ce2c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 4921F779904219AEEB209F99D844AAFF77CFF4A754B10819AE805E3600E7308941D7A1
                                                                                                                                                                                                                                                                                                Function 008A09A0 Relevance: 1.9, APIs: 1, Instructions: 387registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2309 8a09a0-8a09f0 call 8d42d2 call 88aa2d call 88bd93 RegOpenKeyExW 2316 8a0df6-8a0dfa 2309->2316 2317 8a09f6-8a0a0a 2309->2317 2318 8a0dfc 2316->2318 2319 8a0e05-8a0e09 2316->2319 2320 8a0bfb-8a0c15 2317->2320 2321 8a0a10-8a0a46 call 88aa2d call 88a41f 2317->2321 2318->2319 2322 8a0e0b 2319->2322 2323 8a0e14-8a0e2a call 88aa0b call 8d42a0 2319->2323 2320->2316 2330 8a0c1b-8a0c23 2320->2330 2336 8a0bc9-8a0bdd call 88d63e 2321->2336 2322->2323 2330->2319 2331 8a0c29-8a0c56 call 88aa2d call 88a41f 2330->2331 2342 8a0dce-8a0de2 call 88d63e 2331->2342 2344 8a0a4b-8a0a4f 2336->2344 2345 8a0be3-8a0bf6 call 88aa0b 2336->2345 2359 8a0c5b-8a0c5f 2342->2359 2360 8a0de8-8a0df1 call 88aa0b 2342->2360 2346 8a0a51 2344->2346 2347 8a0a56-8a0a76 call 8a06b1 2344->2347 2345->2320 2350 8a0b81-8a0bc8 call 88aa0b call 88aa2d call 88a41f 2346->2350 2357 8a0a7c-8a0a9c call 88aa2d * 2 2347->2357 2358 8a0b73-8a0b78 2347->2358 2350->2336 2384 8a0a9f-8a0aa8 2357->2384 2358->2350 2366 8a0b7a-8a0b80 call 8dd3d7 2358->2366 2364 8a0c61 2359->2364 2365 8a0c66-8a0c87 call 8a06b1 2359->2365 2360->2316 2370 8a0d87-8a0dcd call 88aa0b call 88aa2d call 88a41f 2364->2370 2381 8a0d7a-8a0d7c 2365->2381 2382 8a0c8d-8a0cae call 88aa2d * 2 2365->2382 2366->2350 2370->2342 2386 8a0d7e-8a0d84 call 8dd3d7 2381->2386 2387 8a0d85 2381->2387 2403 8a0cb1-8a0cba 2382->2403 2384->2384 2389 8a0aaa-8a0aae 2384->2389 2386->2387 2387->2370 2394 8a0b52-8a0b70 call 88aa0b * 2 2389->2394 2395 8a0ab4 2389->2395 2394->2358 2399 8a0ab7-8a0b10 call 8a30d5 call 88a41f call 8a30d5 call 88a41f call 89b9fe call 88d63e * 2 2395->2399 2437 8a0b32-8a0b37 2399->2437 2438 8a0b12-8a0b19 2399->2438 2403->2403 2404 8a0cbc 2403->2404 2407 8a0d4f-8a0d53 2404->2407 2411 8a0d59-8a0d77 call 88aa0b * 2 2407->2411 2412 8a0cc1-8a0d1a call 8a30d5 call 88a41f call 8a30d5 call 88a41f call 89b9fe call 88d63e * 2 2407->2412 2411->2381 2449 8a0d3c-8a0d41 2412->2449 2450 8a0d1c-8a0d23 2412->2450 2440 8a0b3a-8a0b43 2437->2440 2438->2437 2441 8a0b1b-8a0b22 2438->2441 2440->2440 2443 8a0b45-8a0b49 2440->2443 2441->2437 2444 8a0b24-8a0b2f call 8a0729 2441->2444 2443->2399 2446 8a0b4f 2443->2446 2444->2437 2446->2394 2453 8a0d44-8a0d4d 2449->2453 2450->2449 2452 8a0d25-8a0d2c 2450->2452 2452->2449 2454 8a0d2e-8a0d39 call 8a0729 2452->2454 2453->2407 2453->2453 2454->2449
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000002,?,00000000,00020019,?,0089C9C6,00911D64), ref: 008A09E8
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.KERNELBASE(00000000,?,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 52181899bb0396401be980bfcb243d92616cd522393da717e45c534ad5d888b7
                                                                                                                                                                                                                                                                                                • Instruction ID: edf4b00c9bffa13c668a03a6cf42295add28e0ca9cfd412ae57986e760a73f58
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 52181899bb0396401be980bfcb243d92616cd522393da717e45c534ad5d888b7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 65E17F71D002199FEB18EBA8C9859FEB7B9FF15304F14412AE512E7681EB706E05CF62
                                                                                                                                                                                                                                                                                                Function 008BE8F0 Relevance: 1.7, APIs: 1, Instructions: 202COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2457 8be8f0-8be954 GetSystemInfo call 8d57e0 2459 8be959-8be975 2457->2459 2461 8be98e-8be997 2459->2461 2462 8be977-8be987 2459->2462 2463 8be999-8be9ba 2461->2463 2464 8be9bc-8be9ef call 8d57e0 2461->2464 2462->2461 2463->2464 2470 8bea06-8bea0e 2463->2470 2464->2470 2476 8be9f1-8bea05 2464->2476 2472 8bebdb-8bebe2 2470->2472 2473 8bea14-8bea22 2470->2473 2477 8bec2e 2472->2477 2478 8bebe4-8bebf1 2472->2478 2474 8bea28-8bea30 2473->2474 2475 8bec30-8bec44 call 8d360d 2473->2475 2479 8bebcb-8bebd2 2474->2479 2480 8bea36-8bea3e 2474->2480 2476->2470 2477->2475 2482 8bec08-8bec0b 2478->2482 2483 8bebf3-8bebff 2478->2483 2479->2475 2490 8bebd4-8bebd9 2479->2490 2485 8beb93-8beb9c 2480->2485 2486 8bea44-8bea4c 2480->2486 2487 8bec0d-8bec1e 2482->2487 2488 8bec27-8bec2c 2482->2488 2483->2475 2484 8bec01-8bec06 2483->2484 2484->2475 2485->2475 2494 8beba2-8bebaa 2485->2494 2491 8bea4e-8bea51 2486->2491 2492 8bea65-8bea6a 2486->2492 2487->2475 2493 8bec20-8bec25 2487->2493 2488->2475 2490->2475 2491->2475 2495 8bea57-8bea63 2491->2495 2492->2475 2493->2475 2494->2475 2496 8bebb0-8bebb8 2494->2496 2495->2492 2497 8bea6f-8bea75 2495->2497 2496->2475 2498 8bebba-8bebc2 2496->2498 2499 8bea81-8bea87 2497->2499 2500 8bea77-8bea7c 2497->2500 2498->2475 2501 8bebc4-8bebc9 2498->2501 2502 8bea89-8bea8e 2499->2502 2503 8bea93-8bea99 2499->2503 2500->2475 2501->2475 2502->2475 2504 8bea9b-8beaa0 2503->2504 2505 8beaa5-8beaab 2503->2505 2504->2475 2506 8beaad-8beab2 2505->2506 2507 8beab7-8beabd 2505->2507 2506->2475 2508 8beac9-8beacf 2507->2508 2509 8beabf-8beac4 2507->2509 2510 8beadb-8beae1 2508->2510 2511 8bead1-8bead6 2508->2511 2509->2475 2512 8beaed-8beaf3 2510->2512 2513 8beae3-8beae8 2510->2513 2511->2475 2514 8beaff-8beb05 2512->2514 2515 8beaf5-8beafa 2512->2515 2513->2475 2516 8beb11-8beb17 2514->2516 2517 8beb07-8beb0c 2514->2517 2515->2475 2518 8beb19-8beb1e 2516->2518 2519 8beb23-8beb29 2516->2519 2517->2475 2518->2475 2520 8beb2b-8beb30 2519->2520 2521 8beb35-8beb3b 2519->2521 2520->2475 2522 8beb3d-8beb42 2521->2522 2523 8beb47-8beb4d 2521->2523 2522->2475 2524 8beb59-8beb5f 2523->2524 2525 8beb4f-8beb54 2523->2525 2526 8beb6b-8beb71 2524->2526 2527 8beb61-8beb66 2524->2527 2525->2475 2528 8beb7d-8beb83 2526->2528 2529 8beb73-8beb78 2526->2529 2527->2475 2528->2475 2530 8beb89-8beb8e 2528->2530 2529->2475 2530->2475
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetSystemInfo.KERNELBASE(?), ref: 008BE90A
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: InfoSystem
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 31276548-0
                                                                                                                                                                                                                                                                                                • Opcode ID: af1727441d0e38732eac33ccb9f1a8928c66f2a5fb09472e99d02da41dce1b49
                                                                                                                                                                                                                                                                                                • Instruction ID: 50160eb816c2bf2585e92a00c721578fe2676744bdeb816ddd944636422bed76
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: af1727441d0e38732eac33ccb9f1a8928c66f2a5fb09472e99d02da41dce1b49
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C71DC71A7511C8FEF788A14D8BA7EA7A65FB05304F20047AE607E7790C6388EC17B56
                                                                                                                                                                                                                                                                                                Function 008B7510 Relevance: 1.7, APIs: 1, Instructions: 165COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2531 8b7510-8b754f 2533 8b7672-8b768f call 8c5750 call 8d51f2 2531->2533 2534 8b7555-8b755f 2531->2534 2550 8b7694-8b76e1 call 8c5710 call 8d51f2 2533->2550 2535 8b757e-8b75e2 call 8c3780 2534->2535 2536 8b7561 2534->2536 2544 8b7651-8b766d call 89de63 call 8d51f2 2535->2544 2545 8b75e4-8b75e6 2535->2545 2537 8b7563-8b757d call 8d360d 2536->2537 2544->2533 2545->2544 2549 8b75e8 2545->2549 2552 8b75ea-8b75ec 2549->2552 2553 8b75ee-8b75f1 2549->2553 2566 8b76ea-8b7708 2550->2566 2567 8b76e3 2550->2567 2552->2544 2552->2553 2553->2550 2556 8b75f7-8b7615 call 8b72b0 2553->2556 2562 8b761e-8b762a 2556->2562 2563 8b7617 2556->2563 2564 8b762c-8b762d FindCloseChangeNotification 2562->2564 2565 8b7633-8b7640 2562->2565 2563->2562 2564->2565 2568 8b7649-8b764c 2565->2568 2569 8b7642 2565->2569 2570 8b770a 2566->2570 2571 8b7711-8b7724 2566->2571 2567->2566 2568->2537 2569->2568 2570->2571 2572 8b772d-8b7742 2571->2572 2573 8b7726 2571->2573 2573->2572
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?), ref: 008B762D
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ChangeCloseFindNotification
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 2591292051-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 182c097293391dc46b2775ca5c0b04808e2a762188326317fdb743536992441f
                                                                                                                                                                                                                                                                                                • Instruction ID: 583812b97da6b9cbe134a3217c78b3bcd357546682910669d30edac29b649aac
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 182c097293391dc46b2775ca5c0b04808e2a762188326317fdb743536992441f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 57618C71D187489FDB10DFA8D949BDEBBB8FB59714F108619E821E3380DB74AA44CB90
                                                                                                                                                                                                                                                                                                Function 008A053D Relevance: 1.7, APIs: 1, Instructions: 158registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule

                                                                                                                                                                                                                                                                                                Control-flow Graph

                                                                                                                                                                                                                                                                                                • Executed
                                                                                                                                                                                                                                                                                                • Not Executed
                                                                                                                                                                                                                                                                                                control_flow_graph 2574 8a053d-8a055b 2575 8a055d-8a0560 2574->2575 2576 8a0565-8a056d 2574->2576 2577 8a06ab-8a06b0 2575->2577 2578 8a059e-8a05a0 2576->2578 2579 8a056f-8a057a 2576->2579 2580 8a05a3-8a05ba RegQueryValueExW 2578->2580 2581 8a057f-8a0593 2579->2581 2582 8a057c 2579->2582 2583 8a05c0-8a05ca 2580->2583 2584 8a0697-8a069d 2580->2584 2581->2584 2589 8a0599-8a059c 2581->2589 2582->2581 2587 8a05d8 2583->2587 2588 8a05cc-8a05ce 2583->2588 2584->2577 2586 8a069f-8a06a2 2584->2586 2586->2577 2590 8a06a4 2586->2590 2591 8a05da-8a05dd 2587->2591 2588->2591 2592 8a05d0 2588->2592 2589->2580 2590->2577 2594 8a05ee-8a05f0 2591->2594 2595 8a05df-8a05e2 2591->2595 2593 8a05d2-8a05d3 2592->2593 2593->2584 2597 8a05f1 2594->2597 2595->2594 2596 8a05e4-8a05e7 2595->2596 2598 8a05e9-8a05ec 2596->2598 2599 8a05f4-8a060d call 8eaf2a 2596->2599 2597->2599 2598->2597 2602 8a060f-8a0611 2599->2602 2603 8a0613-8a0647 call 8d57e0 2599->2603 2602->2593 2603->2584 2607 8a0649-8a0651 2603->2607 2607->2592 2608 8a0657-8a0659 2607->2608 2608->2584 2609 8a065b-8a0662 2608->2609 2610 8a0669-8a066c 2609->2610 2611 8a0664-8a0667 2609->2611 2612 8a068e-8a0690 2610->2612 2613 8a066e-8a0671 2610->2613 2611->2610 2612->2584 2614 8a0692-8a0695 2612->2614 2615 8a0673-8a067a 2613->2615 2614->2584 2616 8a0688-8a068b 2615->2616 2617 8a067c-8a0686 2615->2617 2616->2612 2617->2615 2617->2616
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 008A05B0
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: QueryValue
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3660427363-0
                                                                                                                                                                                                                                                                                                • Opcode ID: c09ee4bb34e849c777fe8898b054265ad1fb574930e7cd8a811134907f86dfa4
                                                                                                                                                                                                                                                                                                • Instruction ID: 65fce44de4b20022cc11a45c1acba146205c86956c6001fa174452e049e9674a
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: c09ee4bb34e849c777fe8898b054265ad1fb574930e7cd8a811134907f86dfa4
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7A518F75E04206AFEB24CFA8C8909AEBBB9FF95354B248469E845E7710E730DE50CF50
                                                                                                                                                                                                                                                                                                Function 0088B5EC Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0f2eea2cb00aa0e54338f93b15bc9d95d238d21e90d9524a5ef9db36079dd0f1
                                                                                                                                                                                                                                                                                                • Instruction ID: b87ba25e7b6e54b38f156858ead633a00fe4ea700e661eaca0ec49958eb242d0
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0f2eea2cb00aa0e54338f93b15bc9d95d238d21e90d9524a5ef9db36079dd0f1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B251C330909286DFDF28FBA8DD5ABAC7B60FF91318F184058F401AB1D2CB615D05EB22
                                                                                                                                                                                                                                                                                                Function 0088B8EF Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: aca557eb2b92f2283a11454f7428cf8a091bfa0a61d2770bad03da593096dcd1
                                                                                                                                                                                                                                                                                                • Instruction ID: 8ef4a651c3bfde0b6a00bd1d0ea5a158dffd6fbaa8a7d9b281d13af27edc298d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: aca557eb2b92f2283a11454f7428cf8a091bfa0a61d2770bad03da593096dcd1
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3F51B430909285DEDF28FBA8D99ABADBB71FF91318F144059E001EB1E2CB701E05DB12
                                                                                                                                                                                                                                                                                                Function 008A0E2B Relevance: 1.6, APIs: 1, Instructions: 142registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(80000002,00912548,00000000,00020019,00000000,00912508,009124D0,00000024,008A1039,0092746C,00000006,00927474,00000006,009273FC,0089C9C6,00911D64), ref: 008A0E78
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.KERNELBASE(00000000,?,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                • Opcode ID: e688355c0cf46f2b5efc42d9857c1ba36e68d1d2cbbe49c58860df7400e46772
                                                                                                                                                                                                                                                                                                • Instruction ID: c0c160a03f5c3be8fe94f2c7bda873ef800a9e2df4fcc57c9d4922e9c4637fca
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: e688355c0cf46f2b5efc42d9857c1ba36e68d1d2cbbe49c58860df7400e46772
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF517C7190020A9FEF14EBA8C986AFEB374FF55308F144159E512B72C1EB746A49CB62
                                                                                                                                                                                                                                                                                                Function 008C3860 Relevance: 1.6, APIs: 1, Instructions: 133fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • MapViewOfFile.KERNELBASE(?,00000000,00000000,00000000,00000000,?,008C379C,?,00000000,?,?,?,00000000,00901AC0,000000FF), ref: 008C3902
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FileView
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3314676101-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4014e48dd7c5ddf763e9e60a703cd6d9d27f05c9605a7ea113410c2e449087bf
                                                                                                                                                                                                                                                                                                • Instruction ID: 00d62d0d862381b2e9757e3ead92f1b5b56698c64511fd0bc30c49b13197b570
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4014e48dd7c5ddf763e9e60a703cd6d9d27f05c9605a7ea113410c2e449087bf
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6341B2716047089FCB10DB69D845FAFBBB9FF89714F14861EE442E3290DB70EA458BA0
                                                                                                                                                                                                                                                                                                Function 008A1042 Relevance: 1.6, APIs: 1, Instructions: 104registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,?,00927550,?), ref: 008A1095
                                                                                                                                                                                                                                                                                                  • Part of subcall function 008A06B1: RegOpenKeyExW.KERNELBASE(00000000,?,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4e4bbdc769127608cf346d57520fb77b89d9ffdc29f10b4e351b4abe2ee90800
                                                                                                                                                                                                                                                                                                • Instruction ID: 059b17ea1538666dd9ee25bbfcd9a6de900f46ed5d504769e84a7687ba29b228
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4e4bbdc769127608cf346d57520fb77b89d9ffdc29f10b4e351b4abe2ee90800
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04317C76D04219EFDF20DF99DC849EAF7B9FB54304B14442AE905F3610E730AA46CB90
                                                                                                                                                                                                                                                                                                Function 0088BA3C Relevance: 1.6, APIs: 1, Instructions: 94COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 0c6df5897a87e61f68250ab7e878f4227dcab2015fd03df1b86fa30c51c41594
                                                                                                                                                                                                                                                                                                • Instruction ID: 8cb41e7502994cd984a3c35887e1b46b1ab75fa93904d2ba3fadb85b6f06547d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0c6df5897a87e61f68250ab7e878f4227dcab2015fd03df1b86fa30c51c41594
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B441B230915289DEDF28FBA8C999BEDBB60FF51318F144059D001AB1D2CB711E49DB12
                                                                                                                                                                                                                                                                                                Function 0088BAAE Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: b9e1a522fbb2fcc81ec806cf43bc6ae18f55371de051e40a735926cf357d770c
                                                                                                                                                                                                                                                                                                • Instruction ID: ccef5d0547b8cd2a99d5a85cd8f784cffe0cf47499aceda231eab70e6964953b
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: b9e1a522fbb2fcc81ec806cf43bc6ae18f55371de051e40a735926cf357d770c
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5231AF3091529ADEDF29FBA8CAA9BEDBB60FF51318F144059D001AB1D2CB711E49DB12
                                                                                                                                                                                                                                                                                                Function 0088BA76 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d875c90f8a53f1962fcba4eee03681370fde8a4a3ca7a3905f03a2fe2295ea4f
                                                                                                                                                                                                                                                                                                • Instruction ID: 9283b3c0aca59d0514005e5fcdab1c0a733310bd8177f5cbe337d31e030328b6
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d875c90f8a53f1962fcba4eee03681370fde8a4a3ca7a3905f03a2fe2295ea4f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 68319330915289DEDF28FBA8DA99BED7B70FF51318F14405DE0019B1D2CB751A45DB12
                                                                                                                                                                                                                                                                                                Function 008C36B0 Relevance: 1.6, APIs: 1, Instructions: 90COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileMappingW.KERNELBASE(008C379C,00000000,00000002,?,?,00000000,?,?,?,?,?,?,?,?,?,008C379C), ref: 008C36FF
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFileMapping
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 524692379-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d70fd3d4b958fdace5f3f82d08adbec3b6969c9081fe2b6c2930d7262271c9f7
                                                                                                                                                                                                                                                                                                • Instruction ID: 7398d65bcc95ebafeff26137eca88bb994b417c8f32e395f508d613b5b802504
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d70fd3d4b958fdace5f3f82d08adbec3b6969c9081fe2b6c2930d7262271c9f7
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: D321C8B2604208ABC724AF69DC4AFABBBBCFB44710F00862DF415D3251DB70EA4587A5
                                                                                                                                                                                                                                                                                                Function 0088BA9B Relevance: 1.6, APIs: 1, Instructions: 87COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • FreeLibrary.KERNELBASE(00000000,00912954,?), ref: 0088BB2F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeLibrary
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3664257935-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 6969bdbcb478cfe9e14df79a0e6db4806e3df80449b05b80990554d48767450f
                                                                                                                                                                                                                                                                                                • Instruction ID: a481c17b2e7cf38ed3a3e6975e29058fa0d1b161003bfec76e385e5469429e74
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 6969bdbcb478cfe9e14df79a0e6db4806e3df80449b05b80990554d48767450f
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: B531913091528ADEDF28FBA8D699BECBB70FF51318F244059D001AB1D2CB711A49DB12
                                                                                                                                                                                                                                                                                                Function 008A1B1E Relevance: 1.6, APIs: 1, Instructions: 61fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000010,0089CE50,00000000), ref: 008A1B4E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: d93f9f29de1e7dfbb5d203e1150001a848da2f114a5238920a341a5075000f59
                                                                                                                                                                                                                                                                                                • Instruction ID: 38c864d53a2a8dff97067c9e322bc3bf676f62cc7718961878b8062cde307927
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: d93f9f29de1e7dfbb5d203e1150001a848da2f114a5238920a341a5075000f59
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 781108306083059AEF245B7C4C9A7BE6B55FB43374F108A19EA55D76C1EB704907A331
                                                                                                                                                                                                                                                                                                Function 008A06B1 Relevance: 1.5, APIs: 1, Instructions: 46registryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RegOpenKeyExW.KERNELBASE(00000000,?,00000000), ref: 008A06DE
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: Open
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 71445658-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 9727285345aec6f0ea002872ec22b8403a4bda4f8c495114786fc6e4b796861a
                                                                                                                                                                                                                                                                                                • Instruction ID: 2f4d36533feb05480e289a0efa3f17b3458e438b757ce08ca48ed8735c82a62e
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9727285345aec6f0ea002872ec22b8403a4bda4f8c495114786fc6e4b796861a
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 6001F236915219FFEF24AB98EC05BAEBB7AFB89724F104054F405A6170DA719E10EF50
                                                                                                                                                                                                                                                                                                Function 0088BF35 Relevance: 1.5, APIs: 1, Instructions: 40fileCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0088BF5F
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: CreateFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 823142352-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 68ff8e1c4d608bc36af2b354453e9daaf67f1695344e93ab418034137bb3e8d6
                                                                                                                                                                                                                                                                                                • Instruction ID: 6a6b943a085234e73bea15421f0499d38f2cd2e46df56676c6df473292ab0852
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 68ff8e1c4d608bc36af2b354453e9daaf67f1695344e93ab418034137bb3e8d6
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: DCF03131515201AFDB306F6DDC09B49BBA8EBD2731F20871DE6A1D31E0CB709985DB51
                                                                                                                                                                                                                                                                                                Function 008EF49B Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlAllocateHeap.NTDLL(00000000,00000001,?,?,008D4A72,?,?,?,00000000,?,008B7DFF,?,?), ref: 008EF4CD
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 4c3a570859608196710c4bc34c7242ed2e2c3b878e3ab8705327d8760881e1ab
                                                                                                                                                                                                                                                                                                • Instruction ID: d8006e6bf7523d9153fadbbd97ced85875f05b36e2506718763f575ccdf3638d
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 4c3a570859608196710c4bc34c7242ed2e2c3b878e3ab8705327d8760881e1ab
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 04E0E531505296A7E631267B9D00B5B7A4CFB433B8F044131AE29D64D3DE10CC0083E9
                                                                                                                                                                                                                                                                                                Function 008EF461 Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(00000000,00000000,?,008EF366,00000000,00000000,00925E58,00000000,?,?,000000FF,?,008EF3BB,00000001,00000364,?), ref: 008EF477
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cf3afcff4df3cf1b802f5ae93d6afecf8d1a55998cc1c0cce2950c5e1b3f5f14
                                                                                                                                                                                                                                                                                                • Instruction ID: e1e6e5c9c18d318bfc090ecaaa0f31614b24d9a14acc3cdddcb088b892bf83d3
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cf3afcff4df3cf1b802f5ae93d6afecf8d1a55998cc1c0cce2950c5e1b3f5f14
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 83E08C72205314BBCB212BA9AC09B8A7B98EB45355F148121F71CEA1A1DA348950E7D8
                                                                                                                                                                                                                                                                                                Function 0088A6AC Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000,00000000,?,?,008FABEC,000000FF), ref: 0088A6DC
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: FreeHeap
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 8c6504c0f2a1ebff1f4feec418014564eebe218d489c0b1ed7c9ef518e464e32
                                                                                                                                                                                                                                                                                                • Instruction ID: 47ffe3c03a936e1ef1b96ca2d34c9dc6f6bf176c23dfd4d1a86e17a993792b81
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 8c6504c0f2a1ebff1f4feec418014564eebe218d489c0b1ed7c9ef518e464e32
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 97E09276508648FFCB15CF14DC45F55BBA8F719B24F10C22AA926966D0C7399540CA44
                                                                                                                                                                                                                                                                                                Function 0089FACF Relevance: 1.5, APIs: 1, Instructions: 18COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • GetFileAttributesW.KERNELBASE(?,?,00000024,00896FB8,?,0091045C,?,?,?,00910444,?,000000B8,?,?,?), ref: 0089FAEB
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: AttributesFile
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 3188754299-0
                                                                                                                                                                                                                                                                                                • Opcode ID: 57e3e1cbac85804ea0a45de4478e1af80ab9f0723e3f05f68fa4ad812845c647
                                                                                                                                                                                                                                                                                                • Instruction ID: 2c5f0e10476889a80a4030e5202886e7479475a70f1a923d4576f4fa75970783
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: 57e3e1cbac85804ea0a45de4478e1af80ab9f0723e3f05f68fa4ad812845c647
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: BDE08C34834514ABC714ABA8EC06BDC7630FF00730F901319B1B1A22E1DBB41A0A9A16
                                                                                                                                                                                                                                                                                                Function 008ED124 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                                                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                                                                                                • ExitProcess.KERNEL32(008ED819,?,008ED11E,00000000,?,?,008ED819,?,?,008ED819), ref: 008ED14E
                                                                                                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                                                                                                • Source File: 0000000B.00000002.7479010550.0000000000881000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00880000, based on PE: true
                                                                                                                                                                                                                                                                                                • Associated: 0000000B.00000002.7478762832.0000000000880000.00000002.00000001.01000000.0000001A.sdmpDownload File
                                                                                                                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                • Snapshot File: hcaresult_11_2_880000_CCUpdate.jbxd
                                                                                                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                                                                                                • API ID: ExitProcess
                                                                                                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                                                                                                • API String ID: 621844428-0
                                                                                                                                                                                                                                                                                                • Opcode ID: cc92dfc5bc5f2284de022aeb21df9d8e0b951c56b44ba1ed91e50bca2469a966
                                                                                                                                                                                                                                                                                                • Instruction ID: 32f8890e8e08930d98ad4f774ea94dc867b2173c031dd78c7007bca831d03031
                                                                                                                                                                                                                                                                                                • Opcode Fuzzy Hash: cc92dfc5bc5f2284de022aeb21df9d8e0b951c56b44ba1ed91e50bca2469a966
                                                                                                                                                                                                                                                                                                • Instruction Fuzzy Hash: 37D09E31018288FFCF013F66DD0D85E7F2EFF85351B44C014B91989131CF719A55AA41